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CLEAR  CHOICE  TEST: 

ANTIMALWARE  GATEWAYS 

McAfee  wins  Web 
security  shootout 

All  five  products  tested 
deliver  online  protection 
against  zero-day 
threats.  PAGE  24 


iPhone  winning  over 
IT  security  skeptics 


BY JOHN  COX 


APPLE’S  IPHONE  IS  slowly 
but  surely  winning  over  some  enterprise 
security  skeptics.  As  a  result,  it’s  now  showing 
up  alongside,  or  instead  of,  Research  in  Motion 
RlackBerries  and  Microsoft  Windows  Mobile 
handsets,  even  though  Apple  offers  none  of  the 
security  and  management  features  that  are  hall¬ 
marks  of  those  two  platforms. 

With  the  release  this  year  of  iPhone  OS  3.0,  the 
popular  handset  is  capable  of  a  more  advanced 
mobile  symbiosis,  relying  on  the  Microsoft 
Exchange  security  and  management  features 
that  are  accessed  via  Apple’s  implementation  of 
Microsoft  ActiveSync.  Coupled  with  a  greatly 


improved  iPhone  Configuration  Utility 
(ICU),  the  new  operating  system 
has  gotten  high  grades. 

From  its  birth  in  2007,  the 
iPhone  has  been  criticized  for  lacking 
enterprise  security  and  Apple  for  not  caring 
about  it,  given  the  company’s  consumer  focus 
with  the  popular  smartphone.  That  began  to 
change  in  2008,  when  Apple  introduced  sup¬ 
port  for  ActiveSync,  enabling  an  Exchange 
administrator  to  erase  all  the  data  on  a  lost  or 
stolen  iPhone,  for  example.  The  3.0  release  in 
June  2009  added  more  improvements,  and 
some  observers  expect  even  bigger  security 
changes  in  2010. 

See  iPhone, page  12 


Novell  makes  pitch  for  bigger 
role  in  virtualization  security 


BY  ELLEN  MESSMER 


NOVELL  THIS  WEEK  will  lay  out  an  ambi¬ 
tious  plan  to  secure  applications  across  het¬ 
erogeneous  virtualization  platforms,  an  effort 
designed  to  play  off  Novell’s  strengths  in  net¬ 
work  and  identity  management. 

Novell’s  Intelligent  Workload  Management 
initiative  will  be  designed  for  the  creation 
of  application  workloads,  described  by  the 


company  as  portable,  self-contained  units  of 
work  built  through  the  integration  of  the  operat¬ 
ing  system,  middleware  and  application,  to  run 
on  server  virtualization  products  from  VMware, 
Microsoft  and  Citrix,  among  others.  Under  the 
plan,  workloads  will  maintain  security  and  com¬ 
pliance  policies,  along  with  real-time  reporting 
and  monitoring  capabilities,  wherever  they  go. 

The  company  says  it  will  roll  out  eight 

See  Novell, page  16 


Management 
companies  to  watch 

IT  management  newcomers 
tackle  problems  in  ways 
industry  veterans  haven’t 

yet  Page  24 


Network  Security. 

It's  what  we're  made  of. 


MANAGED  SECURITY  SERVICES  FROM  AT&T.  When  it  comes  to 
system  security  and  protecting  your  network,  trust  your  business 
data  to  the  architect  and  overseer  of  the  world's  largest  wired  and 
wireless  network.  With  AT&T's  vast  security  expertise,  we  can  assess 
vulnerabilities,  help  protect  your  infrastructure,  detect  attacks  and 
respond  to  suspicious  activities.  Taking  care  of  the  hidden  dangers, 
so  you  can  focus  on  the  work  that's  in  front  of  you.  That's  how 
AT&T  helps  your  business  Stretch. 


att.com/dnasecurity 


at&t 

Your  world.  Delivered. 


JEFF  CROSBY 


HETWORKWORLD 

10  News  Analysis  Which  OS  is  best  for  app  development? 

14  News  Analysis  Taming  IT  management  complexity. 

16  Risk  and  Reward  Security  reviews:  Good  riddance 
to  2009.  BY  ANDREAS  ANTONOPOULOS 

20  Tech  Update  Reducing  data  center  energy  use. 

22  Gear  Head  Popoplug:  A  wolf  in  sheep’s  clothing,  by  mark  gibbs 

22  Cool  Tools  It’s  an  app  world  after  all.  by  keith  shaw 

34  BackSpin  Keeping  us  safe  the  Sprint  way.  by  mark  gibbs 

34  Net  Buzz  Dragon’s  holiday  gift  ad  won’t  win 
over  parents,  by  Paul  mcnamara 


CLEAR  CHOICE  TEST: 

ANTIMALWARE  GATEWAYS 

McAfee  wins  Web 
4  security  shootout 

All  five  products  tested 
m  deliver  online  protection 
,  against  zero-day 
:  threats.  PAGE  24 


GOODBADUGLY 


AT&T,  Verizon  drop  suits 

Expect  to  see  more  of  Verizon’s  "there’s  a  map 
for  that”  advertisements.  On  Dec.  2,  AT&T 
asked  the  court  to  dismiss  its  lawsuit  that 
sought  to  prevent  Verizon  from  continuing  to 
run  the  commercials.  Verizon  also  dropped 
the  suit  it  filed  against  AT&T  in  response, 
according  to  an  AT&T  spokesman.  The  Verizon 
ads  at  the  heart  of  the  dispute  display  two 
maps  of  the  U.S.,  one  showing  AT&T’s  sparse 
3G  coverage  and  the  other  showing  Verizon’s 
more  extensive  3G  network.  AT&T  argued 
that  the  ads  implied  that  customers  get  no 
coverage  at  all  outside  of  the  3G  network.  But 
Verizon  pointed  out  the  ads  clearly  state  that 
both  maps  show  3G  coverage. 

AT&T  customer  satisfaction  tanks 

AT&T  got  some  bad  news  from  Consumer 
Reports  this  week,  as  the  magazine’s  latest 
survey  shows  that  the  carrier  now  has  the 
lowest  level  of  customer  satisfaction  in  the 
United  States.  AT&T  got  its  lowest  marks  in 
the  survey  for  its  voice  services,  as  it  was  the 
only  wireless  carrier  in  the  United  States  to 
receive  below-average  marks  for  its  voice 
quality.  Verizon  received  above  average  marks 
for  its  voice  service  while  T-Mobile  and  Sprint 
both  received  average  marks.  AT&T  also 
received  subpar  remarks  across  the  board  for 
its  customer  service. 
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admin  in  hot  water 

The  Arizona  Republic  reported  that  the  search 
for  intelligent  life  beyond  Earth  —  using 
computers  belonging  to  the  Higley  Unified 
School  District  —  has  cost  a  network  systems 
administrator  his  job.  The  report  states  that 
Brad  Niesluchowski,  a  heavy  user  of  the 
SETI@home  distributed  computing  program, 
resigned  from  his  job  in  October  following 
an  investigation  into  “suspicious  activity.” 
Documents  obtained  by  the  Republic  show 
allegations  that  the  sysadmin’s  use  of  the 
volunteer  computing  program  across  school 
district  computers  could  add  up  to  more  than 
$1  million  in  costs  associated  with  energy 
usage,  equipment  loss  and  more.  However, 
the  alleged  unauthorized  use  of  SETI@home 
on  the  computers  appears  to  be  only  part  of 
the  problem,  since  Nieslu- 

ments  is  also  alleged 

and  taken  r 

them  home, 
according  to  the 
Republic. 
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PEERSAY 


An  apology  or  a  smokescreen? 

Re:  Prevx  apologizes,  backtracks  on  claims  that 
Microsoft  patch  causes  black  screen  (http:// 
tinyurl.com/yzwq8uf): 

So  what  are  the  odds  that  it  was  Prevx’s 
software  that  caused  it  in  the  first  place?  Their 
statement  sounds  just  like  the  kind  my  kids 
make  after  they  smack  their  sibling  in  the  head 
with  something  and  then  try  and  give  a  detailed 
explanation  of  what  happened,  clearly  showing 
the  involvement  of  the 
other  sibling  and  how 
their  actions  ended  with 
the  head  whacking,  but 
offering  very  little  detail 
about  what  they  were 
actually  doing  them¬ 
selves,  other  than  gener¬ 
alities.  ‘I  was  just  sitting 
here,  playing  by  myself, 
swinging  my  arms  back 
and  forth,  and  then  MSFT  walks  through  and 
just  walks  right  into  me  while  I  was  singing  and 
thinking  about  how  much  I  enjoy  MSFT’s  prod¬ 
ucts  and  then  they’re  on  the  ground  crying  that 
they  got  popped  in  the  head  by  something.  My 
hand  was  sore,  but  I’m  not  sure  if  it  hit  them  or 
the  wall,  and  in  any  event  I  really  had  nothing 
to  do  with  it,  so...’ 

Anon 

Microsoft  patches  are  good 
for  repair  business 

Re:  Microsoft  denies  that  its  patch  causes  BSOD 
(http://tinyurl.com/ygtnnv7): 

I  don’t  know  how  many  systems  my  husband 
has  repaired  because  of  the  patches  causing  the 
BSOD  —  in  the  past  two  days  alone.  I  have  a  sort 
of  flickering  problem.  My  computer  seems  to 
turn  itself  on  and  off  when  it  wants  to.  It  didn’t 
happen  until  it  updated.  So  go  ahead  and  tell  me 
that  it’s  not  the  patch.  I  have  Windows  XP  Pro¬ 
fessional  running  on  an  HP  rp5000.  Never  had  a 
problem  until  I  finally  relented  and  installed  the 
updates.  The  first  and  last  time  I  chose  Express 
install.  I  have  never  before  allowed  automatic 
update  to  run.  This  time  I  didn’t  have  time  to 
look  into  the  patches  and  I  got  screwed.  And  of 
course  Microsoft  doesn’t  want  to  admit  it’s  their 


fault  again,  not  after  what  happened  in  October 
—  why  would  they?  I’m  done  with  Microsoft  and 
if  the  patch  problems  keep  up  I  will  go  back  to 
Linux  and  be  done  with  it  for  good. 

JCTorpey 

Limit  patent  ownership  to  people 

Re:  Patent  trolls,  Machiavelli’s  descendents 
(http://tinyurl.com/yfkz9kf): 

The  problem  is  caused  by  allowing  vampire 
(undying)  corporations  to 
‘own’  patents.  In  reality,  the 
only  innovators  are  humans, 
and  thus  only  a  natural  per¬ 
son  should  be  able  to  own  a 
patent.  And  then  lease  it  out, 
on  a  non-exclusive  basis,  if 
any  desire  to  use  it. 

The  same  problem  occurs 
in  the  area  of  copyright.  We 
are  now  very  far  away  from 
that  clause  in  the  U.S.  Constitution  recognizing 
a  limited  property  right  for  natural  persons. 

Anonymous 

Don’t  forget  the  patient 

Re:  Harvard  study:  Computers  don’t  save  hospi¬ 
tals  money  (http://tinyurl.com/yj8xhmv): 

The  computer  systems  targeted  by  the  gov¬ 
ernment  funding  is  for  the  benefit  of  patients, 
not  hospitals.  One  goal  is  to  increase  medical 
record  access  and  sharing.  There  are  many 
cases  where  patients  have  to  spend  more 
because  they  need  to  retake  tests  they  had 
already  taken,  have  been  given  incorrect  medi¬ 
cation,  incorrect  amounts,  or  interaction  prob¬ 
lems  because  accurate  records  were  not  kept. 
There  are  cases  where  diagnoses  was  not  fast 
enough,  or  wrong,  because  they  did  not  have 
the  patient’s  full  medical  records.  Imagine  if 
a  doctor  had  full  access  to  a  patient’s  medical 
records  for  an  unconscious  person  in  an  emer¬ 
gency  room.  How  much  faster  that  person 
could  get  help  and  have  better  care.  This  “study” 
seems  to  be  aimed  toward  the  “business”  and 
‘accounting”  side  of  things  vs.  the  more  impor¬ 
tant  goal  of  helping  people  at  a  reasonable  cost 
with  quality  health  care. 

Anon 


[Prevx’s]  statement 
sounds  just  like  the  kind 
my  kids  make  after  they 
smack  their  sibling  in 
the  head  with  something 
and  then  cry  and  give 
a  detailed  explanation 
of  what  happened. 
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■  10-IT  tracks;  Vendor  Expo;  Peer  Case-Studies 
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BLOGOSPHERE 

■  Apple  wins  legal  battle  with  Psystar  as 
clonemaker  stops  selling  Mac  clones  in  wake 
of  Judge’s  ruling.  Network  World  blogger 
Yoni  Heisler  reports  that  after  months  of  legal 
wrangling,  Apple  finally  emerged  victori¬ 
ous  in  its  battle  to  prevent  Mac  clonemaker 
Psystar  from  selling  non-Apple  hardware  with 
pre-installed  copies  of  OS  X.  Apple  had  sued 
Psystar  in  July  2008,  and  rather  than  closing 
up  shop  as  many  had  expected,  Psystar  put 
up  a  determined  fight  to  challenge  Apple’s 
business  model  of  tying  its  operating  system 
to  its  own  hardware.  The  law  was  simply 

on  Apple’s  side  as  the  judge  presiding  over 
the  case  in  California,  Judge  William  Alsup, 
granted  Apple’s  motion  for  Summary  Judg¬ 
ment  when  he  found  that  Psystar’s  actions 
violated  Apple’s  copyrights  in  OS  X.  Further¬ 
more,  Alsup  ruled  that  Psystar  had  violated 
the  DMCA  for  writing  software  that  worked 
to  circumvent  security  measures  in  OS  X  that 
prevent  it  from  running,  at  least  in  theory, 
on  non-Apple  hardware.  In  the  wake  of  that 
ruling,  Apple  asked  the  court  for  a  permanent 
injunction  that  would  bar  Psystar  from  selling 
its  clones.  And  because  litigation  is  anything 
but  cheap,  Apple  also  requested  damages 
totaling  more  than  $2  million  —  a  figure  that 
encapsulates  Psystar’s  copyright  and  DMCA 
violations.  In  a  joint  order/stipulation  released 
last  week,  Alsup  ruled  that  Psystar  hand 
over  nearly  $2.7  million  in  damages  to  Apple. 
But  in  a  concurrent  agreement,  Apple  and 
Psystar  agreed  that  all  judgments  owed  would 
not  need  to  be  paid  until  Psystar  exhausts 
the  appeals  process.  Apple  also  agreed 
that  it  would  drop  any  remaining  claim. 
http://tinyurl.com/ygvkweg 

■  Google  changes  rules  for  Google  News  to 
placate  publishers.  Network  World's  Google 
Subnet  notes  that  Google  has  decided  to  limit 
the  amount  of  copyrighted  material  owned 
by  publishers  that  it  gives  away  for  free  in 

an  attempt  to  placate  publishers  who  are, 
understandably,  not  happy  with  the  situation. 
Previously,  Google  would  offer  for  free  content 
a  publisher  wanted  to  gate  and  charge  for. 
Google  in  essence  forbade  publishers  from 
charging  for  their  content  when  users  came  to 
that  content  via  Google  News.  If  a  user  found 
an  article  on  Google  News  and  clicked  on  it, 
the  publisher  could  not  direct  the  user  to  a 
"pay  for  this  first"  screen.  Instead,  Google  gave 
searchers  the  full  article  via  its  “First  Click 
Free”  program.  Google  would  show  the  whole 
article,  but  those  visiting  the  publisher's  Web 
site  directly  would  have  to  pay  for  it  to  see  it. 
Google  called  the  practice  of  hiding  an  article 
behind  a  plea  for  money  “cloaking”  and  would 
not  honor  it.  http://tinyurl.com/yzugxlc 
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SDG  News  Service 

OLED  screens  get 
flexible 

A  flexible,  color  OLED  screen 
suitable  for  next-generation 
portable  and  wearable 
devices  was  unveiled  last 
week  by  Taiwan’s  Indus¬ 
trial  Technology  Research 
Institute. 

http://tinyurl.com/yaqgbnb 


SDG  News  Service 

Japan’s  hottest 
robots 

A  robot  that  builds  Lego  mod¬ 
els  is  among  the  attractions 
at  this  year’s  International 
Robot  Exhibition  that  got 
underway  last  week  in  Tokyo. 
http://tinyurl.com/ycclsk4 


IDG  News  Service 

Japanese  robotic 
muscle  suit 

Students  at  Tokyo’s  University 
of  Science  have  developed  a 
new  version  of  their  muscle 
suit,  a  wearable  robotic  suit 
that  assists  the  muscles  when 
carrying  out  strenuous  tasks. 
http://tinyurl.com/y9fkcqf 
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Is  certification  valuable? 

We  have  the  definitive  answer 


IT  Best  Practices:  I’ve  always  held  the  belief 
that  certifications  are  important,  but  there  are 
quite  a  few  people  who  make  the  argument 
that  certifications  aren’t  relevant.  A  case  can  be 
made  either  way.  Now,  an  in-depth  three-year 
IDC  study  provides  real  data  that  shows  the 
relationship  between  training,  certification 
and  the  functional  performance  of  teams  of  IT 
professionals.  IDC’s  36-month  study  sur¬ 
veyed  more  than  1,100  IT  managers  who  are 
responsible  for  more  than  3,000  teams.  The 
survey  asked  for  details  about  more  than  80  IT 
performance  metrics  in  26  functional  domains, 
which  include  deployment,  development, 
management,  security,  storage  and  support. 
Having  analyzed  all  that  data,  IDC  has  come 
to  the  conclusion  that  certification  in  relevant 
areas  matters,  and  here’s  why.  Increasingly, 
companies  are  relying  on  their  IT  departments 
to  go  beyond  simply  deploying  and  operating 
IT  systems.  IT  departments  are  often  included 
in  business  transformations  and  process 
improvements  that  will  help  the  business  grow 
and  become  more  profitable.  This  means  the 
department  needs  to  have  a  staff  of  people  with 
both  business  acumen  and  IT  knowledge  and 
skills.,  http://tinyurl.com/yko6wye 


Security  Strategies:  Our  debate  today  con¬ 
cerns  the  proposition  that  criminal  hackers  are 
a  national  resource  and  should  be  cultivated  as 
valuable  contributors  to  national  and  corporate 
security.  I  utterly  reject  this  proposition.  No, 
society  must  not  reward  criminal  behavior. 
Criminal  hackers  —  those  who  break  the  law  by 
intruding  into  computer  systems  and  networks 
without  authorization  and  those  who  steal 
services  from  telecom  companies  —  must  not 
be  rewarded  for  their  criminality.  If  you  needed 
to  evaluate  the  security  of  your  home,  which 
would  you  hire:  a  burglar  who  claimed  to  be 
an  ex-burglar  or  a  bonded  security  specialist 
with  no  criminal  tendencies.  The  fundamental 
problem  with  hiring  criminal  hackers  is  their 
complete  lack  of  credibility.  Criminal  hackers 
believe  in  lying  and  cheating  as  a  bedrock  of 
their  hobby;  they  misrepresent  themselves  to 
the  security  system  and  to  the  human  beings 
they  can  trick  into  revealing  privileged  infor¬ 
mation.  Their  credo  is  tainted  by  the  video- 
game  fallacy:  if  it  is  possible  to  do  something,  it 
must  be  right.  Morality  exists  for  them  only  as 
a  technical  constraint:  if  you  think  something 
is  wrong,  make  it  impossible  to  accomplish. 
http://tinyurl.com/ylqrp2s 
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The  power  of  high-def  desktops. 


It’s  more  than  a  desktop.  It’s  an  Immersive  experience. 


Deliver  a  vibrant,  personalized,  high-definition  desktop 
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Cisco  wins  Tandberg  with 
91.1%  stake 

fter  a  hard  fought  battle,  Cisco  has  won  control  of  videoconferencing 
leader  Tandberg  by  securing  ownership  of  91.1%  of  the  company’s 
shares.  Cisco  had  to  raise  its  $3  billion  offer  and  extend  the  acceptance 
deadline  three  times  after  its  initial  offer,  made  on  Oct.  1,  was  rejected 
[by  more  than  90%  of  Tandberg  shareholders.  Two  groups  of  share¬ 
holders  and  two  investment  firms  representing  other  stakeholders  argued  that 
Cisco  was  undervaluing  Tandberg.  Cisco  relented  on  Nov.  16,  raising  its  offer  to 
$3.4  billion.  By  acquiring  Tandberg,  Cisco  is  looking  to  fill  its  desktop  and  mid¬ 
range  videoconferencing  product  portfolio.  Cisco  views  video  as  the  “killer  app” 
that  will  fill  up  bandwidth  and  drive  equipment  upgrades  into  the  next  decade. 
http://tinyurl.com/ydmeyql 


New  study  calls  for  cybersecurity  overhaul 
in  U.S.  The  U.S.  government  and  private 
businesses  need  to  overhaul  the  way  they  look 
at  cybersecurity,  with  the  government  offer¬ 
ing  businesses  new  incentives  to  fix  security 
problems,  the  Internet  Security  Alliance  said. 
The  alliance,  in  a  report  released  last  week,  also 
called  for  permanent  international  cybersecu¬ 
rity  collaboration  centers,  new  security  stan¬ 
dards  for  VoIP  communications  and  programs 
to  educate  corporate  leaders  about  the  benefits 
of  enhanced  cybersecurity  efforts.  The  report 
proposes  to  create  more  educational  programs 
on  risk  management  for  C-level  executives. 
http://tinyurl.com/yb8de6d 

Researchers  develop  3-D  squeezable  input 
device.  A  team  of  researchers  has  developed  a 
squeezable  mouse-like  input  device  that  gives 
three-dimensional  control  to  its  users.  The 
device  is  called  Suma,  short  for  satsuma  or  the 
mandarin  fruit,  said  Duncan  Smith,  head  of 
consumer  product  development  for  Cambridge 
Consultants.  Inside  Suma’s  pliant  foam  are 
light  actuators  surrounding  a  sensor  core.  As 
Suma  is  squeezed,  the  actuators  detect  pres¬ 
sure  and  movement  changes.  Those  signals  are 
processed  with  software  inside  Suma  and  then 
sent  to  the  software  program  that  can  accom¬ 
modate  the  device.  The  difference  between 
Suma  and  a  controller  for  Nintendo’s  Wii,  for 
example,  is  that  the 

motion-based 
control¬ 
lers 
let 


users  move  objects  but  not  manipulate  the 
shape,  which  has  the  potential  for  a  new  range 
of  applications,  Smith  said.  The  Suma  is  “very 
much  a  whole  picture  of  the  inside  of  your 
hand,”  he  said,  http://tinyurl.com/yjlzste 

2009’s  most  awesome  Android  apps. 

Google  last  week  named  the  win 
ners  of  its  second  contest  aimed 
at  encouraging  software  devel¬ 
opers  to  make  applications 
for  the  Android  mobile 
operating  system.  The 
overall  winner 
of  the  Android 
Developer 
Challenge  2  was 
SweetDreams,  an 
app  that  helps  users 
sleep  at  night  by  send¬ 
ing  late  calls  straight  to 
voice  mail.  Second  prize  went  to 
What  the  Doodle!?,  a  multiplayer  game 
of  online  Pictionary,  and  third  place  went  to 
WaveSecure,  a  mobile  security  app  that  backs 
up  data  and  lets  users  track  their  phones  and 
wipe  all  data  in  the  event  a  phone  is  stolen.  This 
year’s  crop  shows  off  an  enormous  variety  of 
complex  applications. 
http://tinyurl.com/yfm58tz 

SAP  readying  potential  Google  Wave  rival. 

SAP  plans  to  release  a  “virtual  war  room” 
decision-making  tool  dubbed  Constellation, 
which  could  be  a  potential  rival  to  Google’s  her¬ 
alded  Wave  collaboration  platform.  Constella¬ 
tion  will  consist  of  a  cloud-based  tool  (currently 
in  private  beta  under  the  code  name  12Sprints) 
accessible  via  a  Web  browser,  as  well  as  an  on¬ 
premises  component  that  will  let  users 
tap  securely  into  their  company’s 
various  data  stores.  “When 
you’re  working  in 
the  cloud  and  you 


have  the  right  [security]  credentials,  you  can 
tunnel  into  your  enterprise  and  forage  among 
all  the  ERP  data,  all  the  unstructured  data, 
all  the  petabytes  of  BI  data  you  have,  and  just 
access  it  through  that  one  point  in  the  cloud,” 
said  SAP  official  David  Meyer. 
http://tinyurl.com/yam5qzg 

Skype  opens  up  SIP  business  service  to 
everyone.  Any  business  that  has  a  corporate 
VoIP  system  can  now  use  Skype’s  SIP  trunking 
service  as  a  way  to  cut  the  cost  of  corporate 
phone  bills.  The  Skype  for  SIP  program  went 
into  general  beta  testing  last  week  after  being 
in  limited  beta  since  spring.  With  the  service 
customers  can:  enable  click-to-call  buttons  on 
Web  sites;  receive  inbound  calls  from  Skype 
endpoints  for  no  extra  cost;  set  up  direct- 
inward-dialing  Skype  phone  numbers  that 
reach  desktops  through  IP  PBXs;  and,  make 
outbound  calls  through  IP  PBXs  via  supple¬ 
mental  Skype  Out  service.  Skype  has  certified 
Cisco,  Shortel  and  SIPfoundry  IP  PBXs  to  work 
with  Skype  for  SIP  and  has  20  other  vendors 
including  Avaya  that  are  working  toward  certi¬ 
fication.  http://tinyurl.com/yl4aakw 

Broadcom  buying  Dune  Networks  for  cloud 
switching.  Broadcom  has  agreed  to 
acquire  Dune  Networks,  a  privately  held 
maker  of  high-speed  switch  fabrics,  for 
about  $178  million.  Dune  was  founded 
in  2000  and  sells  chipsets  for  high- 
capacity  network  equipment.  Its 
SAND  switch  fabric  can  scale  up  from 
lOGbps  to  lOOTbps  in  total  capacity 
and  support  individual  ports  with 
speeds  up  to  100-Gigabit  Ethernet.  It  is 
®  designed  as  the  heart  of  switches  for  data 
centers,  enterprise  LANs,  and  carrier 
core  and  edge  routers  and  Carrier  Ether¬ 
net  platforms.  The  acquisition  will  help  to 
meet  growing  demands  for  cloud  computing 
infrastructure,  Broadcom  said. 
http://tinyurl.com/yh9e8d4 

IBM  stays  tops  as  server  market  stabilizes, 
Gartner  says.  IBM  retained  its  narrow  lead 
over  HP  in  the  worldwide  server  market 
as  sales  began  to  stabilize  during  the  third 
quarter.  IBM  took  31.7%  of  server  revenue  in 
the  three  months  to  Oct.  31,  up  a  fraction  from 
last  year,  while  HP’s  share  stayed  more  or  less 
flat  at  30.2%,  according  to  Gartner.  They  were 
followed  at  a  distance  by  Dell,  Sun  and  Fujitsu. 
Server  revenue  overall  dropped  15.5%  from  the 
third  quarter  last  year,  to  $10.7  billion.  But  it 
was  up  by  10.2%  compared  to  the  second  quar¬ 
ter  this  year.  “It  is  important  to  put  the  yearly 
declines  into  perspective,”  said  Jeffrey  Hewitt,  a 
research  vice  president  at  the  firm.  The  server 
market  is  “showing  signs  of  stabilization.” 
http://tinyurl.com/y8deb4f 
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THANKS.  Because  the  ATLANTIC  ACM  awards  are  based  on  customer  evaluations,  we  couldn’t 


'•  •  -  f-  ..  '•  ■  . 

have  won  eight  of  them  without  you.  We’re  humbled.  We’re  honored.  And  to  celebrate,  we’re  going 
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to  keep  delivering  award-winning  voice  and  data  solutions.  To  find  out  what  award  winning  work 
Qwest  can  do  for  your  business,  visit  qwestsolutions.com.  ; 
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NEWSANALYSIS 


Which  mobile  OS  is  best  for  apps? 

IPhone,  BlackBerry  are  popular  smartphone  development  choices;  Android  a  wild  card 


BY  BRAD  REED 


Let’s  say  that  you’re  a  software  developer 
who  has  created  a  hot  new  application 
for  smartphones  that  you’re  certain  is 
about  to  take  the  world  by  storm.  Your 
work  isn’t  quite  done  and  here’s  the  prob¬ 
lem:  not  only  will  your  brilliant  and  innovative 
application  have  to  compete  with  several  other 
applications  that  have  similar  ambitions,  but  it 
will  have  to  compete  with  them  over  multiple 
platforms. 

With  so  many  different  mobile  operating  sys¬ 
tems  on  the  market  right  now,  it  can  be  daunt¬ 
ing  for  an  upstart  software  developer  to  make  a 
name  for  itself. 

Not  surprisingly,  there’s  no  one  solution  for 
software  developers  looking  to  thrive  in  the 
mobile  application  business.  Every  operating 
system  has  different  strengths  and  weaknesses 
and  something  to  offer  developers.  Take  the 
iPhone’s  operating  system,  which  has  consis¬ 
tently  received  praise  from  users  for  its  ease  of 
use  and  for  hosting  an  applications  store  that 
has  well  more  than  100,000  apps  to  choose 
from.  While  this  operating  system  sounds  like  a 
dream  for  many  developers,  some  have  said  that 
the  sheer  number  of  apps  they  have  to  compete 
with  has  made  the  going  tough. 

“The  iPhone  is  easier  to  develop  for  than  other 
operating  systems,  but  harder  to  make  money 
on,”  says  Paul  Reddick,  the  CEO  of  software 
developer  Handmark,  which  specializes  in  mak¬ 
ing  mobile  news  applications.  “Even  though  it’s 
relatively  easy  to  get  your  app  onto  the  App  Store, 
it’s  not  easy  when  you  have  100,000  people  that 
you’re  rubbing  shoulders  with.  So  the  key  thing 
is  to  figure  out  how  get  yourself  discovered.” 

Of  course,  the  fact  that  so  many  developers 
want  to  make  applications  for  the  iPhone  is  more 
a  sign  of  its  success  than  of  weakness.  Addition¬ 
ally,  some  developers  say  that  the  device’s  uni¬ 
form  screen  size  makes  creating  applications 
for  it  a  relative  breeze.  So  while  an  application 
designed  for  BlackBerry  or  Android  devices 
might  have  to  be  tweaked  to  fit  different  screen 
sizes,  an  app  for  the  iPhone  operating  system 
will  only  have  to  fit  into  the  iPhone’s  screen. 

“The  iPhone’s  biggest  strength  from  a  devel¬ 
oper’s  standpoint  is  that  it’s  one  size  fits  all,”  says 
Keith  Pichelman,  CEO  for  Concrete  Software,  a 
company  that  specializes  in  developing  popular 
games  such  as  Sid  Meier’s  Pirates  for  mobile 
platforms.  “Those  are  the  big  challenges  for  all 
the  other  platforms  that  have  wide  variations  in 
screen  size.” 

However,  Pichelman  says  the  operating  sys¬ 
tem  that  his  company  has  most  enjoyed  work¬ 
ing  with  so  far  has  been  that  of  the  BlackBerry. 


Breaking  down 
the  app  stores 

A  look  at  the  virtual  stores  for 
three  popular  platforms 

Once  you’ve  developed  your  killer 
application,  you’ve  still  got  to  sell  it 
online.  Here's  a  brief  breakdown  of 
the  application  stores  run  by  Apple, 
Research  in  Motion  and  Google. 


Apple’s  App  Store 

With  more  than  100,000  apps, 
it’s  the  most  popular  app  store 
around;  sheer  volume  of  apps 
available  makes  it  harder  to 
get  noticed;  Apple  is  generally 
lenient  about  what  it  allows  on 
and  it  typically  only  takes  a  few 
days  for  apps  to  get  approved. 


RIM’s  App  World 

RIM  is  the  most  particular  about 
what  it  allows  onto  its  store  and  its 
App  World  has  less  than  10,000 
applications  to  choose  from; 
developers  have  praised  RIM, 
however,  for  working  with  them  if 
they  are  committed  to  developing 
for  the  platform;  BlackBerry  is  the 
prime  market  for  enterprise  apps. 


Google’s  Android  Market 

The  easiest  store  to  get  your  app 
onto,  as  you  just  upload  it  and 
start  selling  it;  Google  only  takes 
down  inappropriate  apps  after 
they’ve  been  flagged  by  users. 


The  best  part,  he  says,  has  been  the  helpfulness 
of  Research  in  Motion,  which  he  says  gives  Con¬ 
crete  specific  guidelines  for  how  to  get  their  apps 
approved  and  up  on  BlackBerry  App  World. 

“They  have  been  extremely  helpful  with  tech 
contacts  and  with  public  relations  contacts 
and  it’s  been  that  way  for  years  now,”  he  says.  “I 
would  love  to  see  Apple  take  a  similar  approach. 
From  the  outside  view  they’re  doing  really  well 
but  it’s  just  tough  from  our  point  of  view  work¬ 
ing  with  them  sometimes  where  we  don’t  know 
what  they’re  going  to  approve  and  not  approve.” 

Shari  Hoffman,  the  sales  and  marketing 
spokesperson  for  developer  DataViz,  shares 
Pichelman’s  view  that  RIM  is  very  helpful 
toward  application  developers  and  says  Black¬ 
Berry  is  the  only  operating  system  where  Data- 
Viz’s  Documents  to  Go  mobile  office  suite  comes 
complementarily  on  the  devices. 


“RIM  is  great  to  work  with  at  the  primary  level, 
and  while  I  can’t  comment  on  what  it’s  like  work¬ 
ing  with  them  on  the  technical  and  development 
side,  we  haven’t  heard  any  complaints  about 
them,”  she  says. 

Reddick,  however,  says  that  while  RIM  does 
a  good  job  of  maintaining  relationships  with 
developers,  BlackBerry’s  operating  system  can 
present  challenges  to  developers.  For  one  thing 
he  says  it  can  be  difficult  to  make  a  single  appli¬ 
cation  that  is  interoperable  with  the  wide  variety 
of  BlackBerry  devices. 

“BlackBerry  is  not  the  easiest  operating  system 
to  develop  for  since  there  are  so  many  different 
versions  of  the  OS,”  he  says.  “So  writing  things 
that  will  work  on  one  device  doesn’t  mean  that 
they  will  work  on  others.  Something  that  works 
on  the  Tour  isn’t  guaranteed  to  work  on  the 
Bold." 

The  wild  card 

The  big  wild  card  to  hit  the  mobile  operating 
system  market  this  year,  however,  has  been 
Android.  Because  Google’s  mobile  operating 
system  is  open  source,  any  developer  can  access 
its  source  code  and  create  apps  without  getting 
a  license  from  Google. 

Additionally,  developers  say  it’s  a  breeze  to  get 
your  application  on  the  Android  Market,  as 
Google  does  not  act  as  a  gatekeeper  for  which 
applications  it  allows.  Rather,  Google  allows  all 
apps  onto  the  store  and  only  removes  inappro¬ 
priate  apps  after  they  are  posted. 

Ilya  Eliashevsky,  the  product  manager  for 
DataViz’s  Android  product  line,  says  Android 
provides  a  lot  of  different  advantages  for  smaller 
developers  because  it  lets  developers  simply  post 
their  app  on  the  store  and  wait  for  the  money  to 
roll  in  if  it  catches  a  lot  of  peoples’  attention. 

“We  created  an  account,  uploaded  our  apps 
and  then  hit  submit,”  he  says.  “Then  the  app  just 
started  showing  up  on  devices  and  we  saw  sales 
immediately  starting  to  roll  in.” 

Looking  more  toward  the  future,  Reddick 
thinks  that  these  features  will  make  Android  a 
major  player  in  attracting  Web  developers  due 
to  its  open  source  structure  and  the  fact  that  it’s 
started  to  appear  on  a  large  range  of  devices  over 
the  past  year. 

“I  can  see  Android  having  a  lot  of  success  in 
the  future  because  it’s  an  open  operating  sys¬ 
tem  that’s  going  to  run  across  a  lot  larger  range 
of  devices  from  different  manufacturers,”  he 
says.  “It’s  beginning  to  get  momentum  from  the 
developer  community  as  well. . . .  Right  now  if  I 
were  developing  an  app  with  the  goal  of  getting 
near-term  cash  I  would  make  sure  to  get  it  out  on 
BlackBerry  and  the  iPhone,  but  if  I’m  going  after 
long-term  growth  I’d  go  with  Android.”  ■ 
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SPECIAL  ADVERTISING  SUPPLEMENT 


Untangling  Complexity 

A  simple,  open  approach  to  IP  telephony  empowers  ShoreTel's 
award-winning  IP  phone  system  to  rise  above  other  communication  systems. 


IP  TELEPHONY  is  one  of  the  most  powerful  tools  in  business  today, 
enabling  users  to  communicate,  collaborate  and  innovate  like  never 
before.  But  too  often,  the  benefits  of  IP  telephony  are  overshadowed  by 
the  complexity  and  limitations  of  legacy  architectures. 

IT  professionals  are  so  taxed  trying  to  administer,  manage  and  scale 
these  monolithic  systems  that  they  have  little  time  left  to  strategically 
apply  unified  communications  to  meet  business  needs.  Inevitably,  users 
become  frustrated  and  abandon  what  should  be  a  revenue-generating 
opportunity  for  the  organization. 

ShoreTel  completely  eliminates  this  complexity  with  its  sophisticated, 
feature-rich  ShoreTel®  IP  phone  system.  The  unique,  easy-to-use, 
all-in-one  design  integrates  unified  communications  and  contact  center 
capabilities  with  the  IP  phone  system.  It  is  also  purpose-built  for  IP,  which 
inherently  simplifies  deployment,  administration  and  use,  alleviating 
the  burden  that  IP  phones  traditionally  place  on  IT  organizations.  For 
instance,  IT  staff  can  manage  the  system  and  perform  administrative  tasks 
from  anywhere  in  the  network  via  an  intuitive  Web-based  interface. 

UNPARALLELED  VALUE 


IP  Telephony:  All  Vendors,  Overall  Scores 


4.05 


Lucent 

Source:  2009  Nemertes  Research 


IP  telephony  infrastructure,  applications,  management  and  security  that 
ShoreTel  provides.  "We  picked  ShoreTel  because  of  its  enthusiastic  VARs, 
low  cost,  wide  support  of  SIP-trunking  service  providers,  unified  communi¬ 
cations  features  and  the  scalability  to  grow  as  we  grow,"  the  director  said. 
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Brilliantly  simple 
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In  recognition  of  the  power  of  this  simplified  and  cost-effective 
approach,  ShoreTel's  IP  communications  system  was  recently  named 
the  winner  for  the  sixth  straight  year  of  Nemertes  Research's  prestigious 
PilotHouse  Award  for  IP  Telephony.  The  award,  which  is  uniquely  based 
on  feedback  from  business  customers,  puts  ShoreTel  at  the  head  of  the 
pack,  beating  out  every  competitor  in  every  category,  including  value, 
customer  service,  sophistication  of  technology,  management  tools,  ease 
of  implementation  and  troubleshooting — all  key  areas  that  IT  depends  on 
for  a  successful  voice-over-IP  experience. 

"The  common  thread  among  participants  that  favor  ShoreTel  is  its 
value.  Low  prices,  a  broad  set  of  features,  scalability,  strong  customer 
service,  and  relatively  less  complicated  deployment  and  troubleshooting 
requirements  all  contribute  to  ShoreTel's  win,"  writes  Inwin  Lazar,  vice  pres¬ 
ident  of  Communications  Research  at  Nemertes.  ShoreTel  ranked  above 
the  field  of  competitors,  which  includes  Microsoft,  Cisco,  Alcatel-Lucent, 
Avaya,  3Com,  Mitel  and  Nortel. 

In  its  report,  Nemertes  quoted  a  director  of  telecom  for  a  U.S.  engi¬ 
neering  firm  who  was  excited  about  the  powerful  combination  of 


SEAMLESS  INTEGRATION 

The  heart  of  ShoreTel's  system  is  a  highly  reliable  and  intelligent 
switch-based  architecture  that  can  unify  communications  across  multiple 
locations,  supporting  IP  phones,  analog  devices  and  a  variety  of  trunk 
interfaces.  This  open  architecture  allows  IT  teams  to  easily  preserve  their 
investment  in  legacy  equipment  as  well. 

The  open  ecosystem  also  enables  organizations  to  easily  scale 
deployments  and  seamlessly  integrate  business  applications.  Users  can 
gain  instant  access  to  business-critical  applications  such  as  Microsoft 
Dynamics  CRM,  NetSuite  and  Salesforce.com  from  within  the  ShoreTel® 
Call  Manager  dashboard. 

Businesses  of  all  sizes,  including  the  San  Francisco  Giants  and  the 
Washington  State  Employees  Credit  Union,  are  now  able  to  avoid 
complexity  and  realize  the  promise  and  simplicity  of  IP  telephony  using 
ShoreTel's  IP  communications  system. 

"We  used  to  be  No.  1  across  Major  League  Baseball  in  terms  of 
telecom  costs,"  says  Bill  Schlough,  CIO  for  the  San  Francisco  Giants. 
"Those  expenses  were  coming  from  our  landlines.  It  was  the  simplicity 
and  reliability  of  the  [VoIP]  architecture  that  ShoreTel  had... compared  to 
others  that  would  require  multiple  racks  and  multiple  points  of  failure  that 
was  the  differentiator." 


Learn  more  about  ShoreTel's  IP  phone  system  at  http://shoretel.com/untangle 
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iPhone  security: 
there  needs  to  be 
more  apps  for  that 

While  more  will  emerge,  there  are 
a  variety  of  security  options  for 
enterprise  iPhones.  Here  are  some 
ideas  for  deciding  what  you  need: 

•  Make  use  of  both  the 
Microsoft  Exchange 
Server (Exchange 
Management  Console 
and  Exchange  ActiveSync 
Mobile  Administration 
Web  Tool)  and  Apple’s 
iPhone  Configuration 
Utility  (ICU),  which  was 
greatly  improved  with  the 
2009  Version  2.0. 

•  Evaluate  the  use  of 
digital  certificates  on  the 
iPhones. 

•  Learn  to  love iTunes 
and  App  Store,  at  least 
until  Apple  provides 
an  enterprise  over-the- 
air  option  for  software 
updates  and  application  downloading, 


■  iPhone,  from  page  1 

Apple’s  absolute  control  over  the  hardware 
and  software  means  the  “iPhone  has  the  poten¬ 
tial  of  becoming  the  most  secure  mobile  device 
on  the  market.  They’re  going  to  get  there,”  says 
David  Field,  device  management  and  security 
architect  for  Enterprise  Mobile,  an  IT  services 
company  that  specializes  in  enterprise  mobility 
and  is  backed  by  Microsoft. 

Experts  say  for  the  iPhone  to  become  a  more 
solid  enterprise  option,  Apple  needs  to  make 
changes  in  two  areas  in  the  near  future. 

The  first  is  support  for  over-the-air  applica¬ 
tion  downloads  and  firmware  updates,  perhaps 
by  early  2010.  Today,  enterprise  users  need 
iTunes  on  their  Mac  or  PC  to  get  software  and 
updates.  “Companies  don’t  want  users  connect¬ 
ing  the  iPhone  to  a  PC”  running  iTunes,  says 
Ken  Dulaney,  vice  president  of  mobile  com¬ 
puting  for  Gartner.  “That’s  because  they  want 
to  monitor  and  control  what  users  are  doing.” 
With  over-the-air  downloads,  enterprises  can 
control  deployment  of  authorized  applications 
directly  to  the  iPhone,  and  ensure  fast  fixes  for 
software  vulnerabilities  or  threats. 

Second,  expect  Apple  finally  to  lock  the 
iPhone’s  boot  loader  to  prevent  the  phone  from 
being  jailbroken.  Jailbroken  phones  can  load  a 
new  operating  system  image  that  discards  many 
of  the  protections  built  into  the  official  operat¬ 
ing  system,  such  as  the  sandbox  architecture  for 
applications,  Field  says.  The  sandbox  is  a  self- 
contained  “space”  for  the  application,  prevent¬ 
ing  or  limiting  access  to  data  in  other  applica¬ 
tions  or  hardware  features. 

Another  possibility  is  closer  cooperation  by 
Apple  with  third-party  security  vendors.  Gart¬ 
ner’s  Dulaney  speculates  that  Apple  may  intro¬ 
duce  a  way  for  these  vendors  to  exploit  limited 
background  processing  (or  multi-tasking)  on 
the  iPhone.  That  would  let  a  security  application 
connect  with,  monitor  and  control  lower-level 
operating  system  and  device  functions.  Dulaney 
says  Apple  has  been  talking  with  security  ven¬ 
dors  about  this  kind  of  lower-level  access. 

Some  vendors  are  working  with  the  Apple 
Push  Notification  Service,  introduced  earlier 
this  year,  to  mimic  multi-tasking.  Apperian,  a 
consulting  company  that’s  creating  custom 
iPhone  apps  and  software  frameworks  to  sup¬ 
port  large-scale  enterprise  iPhone  deployments, 
is  creating  an  SDK  to  simplify  this  for  security 
and  management:  a  server  sends  an  alert  via 
the  push  service  to  the  iPhone  and  wakes  up  a 
security  application  to  run  a  check  or  report  on 
a  possible  security  breach. 

Even  without  these  expected  changes,  the 
iPhone  today  meets  the  basic  security  heeds  for 
a  large  number  of  enterprise  customers. 

“The  iPhone  gives  you  ActiveSync  device  man¬ 
agement,”  Field  says.  “ActiveSync  is  becoming 
the  de  facto  management  and  security  platform 
for  these  lower-end  security  requirements.” 

Apple’s  security  improvements  create  a  basic 
foundation  that  supports  a  range  of  options  for 
enterprise  customers.  “Some  iPhone  apps  we 
build  for  enterprise  customers  are  low-security 


•  If  you  must  have  on-device  encryption, 
your  only  option  is  the  iPhone  3GS. 

•  iPhone  supports  a  number  of  VPN 
options;  against  the  benefits  weigh 
potential  drawbacks  like:  IT  support, 
VPN  performance  over  wireless 
connections,  and  the  endpoint  security 
of  the  phone  itself. 

•  Third-party  vendors  such  as  Boxtone, 
Good  Technology,  Sybase  and 
Zenprise  create  a  more  intuitive  GUI 
over  underlying  features  of  Exchange 
and  ICU,  and  can  add  features  on 
top  of  that,  such  as  greater  visibility 
into  iPhone  activities,  over  the  air 
provisioning,  device  tracking  and 
improved  asset  management. 


applications,  like  searching  a  corporate  direc¬ 
tory  or  finding  a  location  on  a  big  campus,” 
Apperian’s  CTO  Bin  Lee  says. 

At  Chicago  law  firm  Sonnenschein  Nath  & 
Rosenthal  LLP,  there  was  “tremendous  demand” 
from  lawyers  to  support  iPhone  as  an  alternative 
to  the  ubiquitous  BlackBerry,  recalls  the  firm’s 
CIO,  Andy  Jurczyk.  He  resisted  those  demands 
until  Apple  improved  security  in  2008  with 
ActiveSync  supporting  Exchange  policies.  “It 
was  enough  for  us  to  build  on,”  he  says. 

Sonnenschein  begins  by  provisioning  each 
iPhone,  configuring  it  for  each  user.  The  firm 
uses  the  current  iPhone  capabilities  but  adds  a 
digital  certificate  to  create  two  improved  security 
layers.  Initially,  the  user  logs  on  with  a  strong 
password,  enforced  by  the  software.  The  combi¬ 
nation  authenticates  the  user  to  work  with  the 


iPhone  and  to  access  Exchange  via  ActiveSync. 

If  users  want  to  connect  to  the  firm’s  Microsoft 
SharePoint  Server  to  access  client  documents, 
for  example,  they  have  to  go  into  “settings”  and 
activate  the  VPN,  the  rules  for  which  are  deter¬ 
mined  by  the  added  certificate.  Users  have  to 
enter  a  second  Active  Directory  password  to 
complete  the  secure  log-in. 

Separately,  the  firm’s  iPhones  run  a  two-factor 
authentication  software  token  from  RSA  Secu¬ 
rity,  which  generates  a  one-time  password  when 
a  user  logs  into  Exchange  with  the  Safari 
k  Web  browser  via  Outlook  Web  Access,  or 

■  into  virtualized  applications  hosted  on  the 
||ji  firm’s  Citrix  servers. 

ft  “There  are  things  we  can  do  on  the  back 
ft  end  with  RIM  that  we  can’t  even  come  close 
to  with  iPhone,”  Jurczyk  says.  “But  there’s 
|  enough  [with  iPhone]:  we  can  kill  the  device, 
!  and  apply  our  security  certificate.”  There 
Hi  are  about  200  iPhones  deployed. 

1  The  German  branch  of  global  IT  services 
H  firm  Logica  has  taken  a  different  approach 
!§  in  rolling  out  about  1,400  iPhones,  all  run- 
!|  ning  the  3.0  firmware,  strictly  for  e-mail  and 

■  PI  M  access  via  Outlook  Web  Access.  “With 
W  the  OWA  capability  and  Exchange,  you  don’t 

need  any  additional  products  to  establish  a 
secure  connection  between  the  iPhone  and 
the  enterprise  back-end,”  says  Jan  Kokott,  head 
of  mobile  devices  for  Logica  Germany. 

The  connection  relies  on  SSL-based  authen¬ 
tication,  and  Exchange  administrators  can  view 
basic  information  about  the  device,  the  user 
and  activities.  They  can  also  remote  wipe  the 
iPhones  clean  of  data  if  they  are  lost,  stolen  or 
jailbroken. 

Kokott  says  Logica  considered  using  a  VPN 
connection  but  decided  that  it  wasn’t  necessary. 
A  VPN  makes  the  iPhone  a  core  part  of  the  inter¬ 
nal  network,  he  says.  That  was  a  level  of  access 
and  complexity  that  isn’t  currently  needed.  In 
any  case,  mobile  applications  need  a  completely 
different  design  approach.  “There  is  no  use  in . . . 
[just]  porting  an  existing  [application]  workflow 
to  a  mobile  device,”  he  says. 

The  updated  ICU  has  become  a  powerful  tool 
for  creating  iPhone  configuration  profiles  that 
implement  a  range  of  security  policies,  such  as 
enforcing  strong  passwords,  shutting  off  the 
camera,  blocking  access  to  some  content  such  as 
disabling  the  Safari  browser  or  access  to  iTunes 
or  YouTube.  Each  device  can  make  use  of  mul¬ 
tiple  profiles  for  different  kinds  of  access,  such 
as  one  for  Exchange  but  a  different  one  for  VPN 
or  Wi-Fi  connections. 

But  ICU  won’t  push  these  out  to  the  handsets. 
You  have  to  e-mail  them  or  provide  users  with 
a  link  to  a  Web  site.  “It’s  very  manual,”  Field 
says.  “The  fact  that  there’s  not  over-the-air  push 
deployment  under  the  hood  is  a  non-starter  for 
many  enterprises.” 

But  the  3.0  firmware  did  introduce  one  over- 
the-air  feature:  support  for  Simple  Certificate 
Enrollment  Protocol,  which  authenticates  a 
device  for  automatic  distribution  of  digital 
certificates.  ■ 
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Cisco  develops  the  Borderless  Network 

Architecture  to  ensure  enterprises  can 

•  •  ” 

support  the  growing  demands  for  user 
location-  and  device-independence 


Users  are  clamoring  for  connectivity. 

It  doesn't  matter  where  they  are,  what  device  they're  us¬ 
ing,  or  what  applications  they  want  to  access,  they  simply 
want  in— and  without  worrying  about  bringing  the  corpo¬ 
rate  network  to  its  knees  or  a  lapse  of  security. 

At  the  same  time,  users  are  becoming  more  multimedia- 
sawy  and  social  by  nature.  That  portends  skyrocketing 
amounts  of  video  and  interactive  user  content  on  the 
corporate  network. 


But  rest  assured,  Hattar  says,  the  borderless  network  is 
not  about  getting  rid  of  security  policy.  "We're  not  propos¬ 
ing  that  you  eliminate  security  borders  but  rather  the  bar¬ 
riers  that  borders  present.  This  is  about  making  borders 
so  transparent  that  you  can  cross  them  at  any  location 
and  not  know  or  be  impacted  from  a  business  productivity 
standpoint  that  borders  are  there,"  she  explains. 

MOBILITY,  VIDEO  AS  DRIVERS 


Running  for  the  hills  might  be  your  reaction  to  these 
mounting  pressures.  Or,  you  could  go  borderless. 

In  fact,  going  borderless  is  the  only  way  to  handle 
the  challenges  effectively,  says  Marie  Hattar,  vice 
president  of  network  systems  and  security  solutions 
at  Cisco  Systems. 

As  Cisco  defines  it,  the  borderless  network  is  a  platform 
for  enabling  customers  to  connect  anyone,  anywhere, 
anyplace  and  anytime  in  a  seamless,  reliable  and  secure 
fashion.  Toward  that  end,  Hattar  says,  Cisco  is  delivering  a 
set  of  technologies  across  its  core  networking  portfolios: 
routing,  switching,  wireless,  security  and  WAN  acceleration. 

"The  borderless  network  is  realized  by  a  set  of  user  ser¬ 
vices  providing  borderless  security,  mobility  and  perfor¬ 
mance,"  Hattar  says.  "Complementary  network  services 
provide  the  connections— systems  if  you  will— that  enable 
that  user  experience.  These  network  functions  can  be 
identity-based  components,  location,  energy  management 
or  media  assurance  for  video  delivery,  for  example." 

BORDERLESS  but  secure 

As  you  consider  the  borderless  network  concept,  think  about 
life  without  a  perimeter  delineating  the  internal  from  external. 
You  no  longer  have  to  worry  about  where  an  application 
resides.  Rather,  you  can  deliver  applications  from  anywhere— 
your  data  center,  the  public  cloud  or  a  hybrid  of  the  two. 

Likewise,  users  do  not  have  to  move  through  a  border 
checkpoint  to  gain  network  entry. 


As  much  as  security  defines  the  borderless  network  and 
necessitates  this  transformation,  so  too  do  mobility  and 
video,  Hattar  adds. 

"The  ability  to  take  mobility  and  location  and  then  integrate 
security,  no  matter  where  you  are  and  what  device  you're 
on,  is  the  hallmark  of  how  the  borderless  network  will 
deliver  seamless  application  access,"  she  says. 

But  perhaps  the  biggest  challenge  for  today's  networks  is 
video,  which  some  analysts  expect  will  make  up  90  percent 
of  all  consumer  Internet  traffic  in  three  years.  That  means, 
organizationally,  you  need  to  be  able  to  embrace  video 
today— and  the  borderless  network  is  tailored  for  that. 

Think  of  it  this  way,  Hattar  says:  "The  borderless  network 
platform  not  only  will  enable  video  and  other  next- 
generation  applications  from  a  performance  perspective, 
but  also  let  IT  scale  those  applications  across  location  and 
device  as  it  ensures  reliable,  secure  experiences." 

Knowing  that  an  influx  of  new  application  demands  will 
inevitably  hit  your  already-strained  network,  now  is  the 
time  to  get  started  architecting  for  the  borderless  network. 
"The  only  way  of  addressing  that  challenge  on  a  perma¬ 
nent  basis  that  will  result  in  better  business  benefits  is  to 
deliver  a  borderless  network,"  Hattar  says. 

Read  expert  blogs,  download  white  papers  and  watch  videos  at 
the  Masters  of  Borderless  Networks  site  on  Networkworld.com: 

www.networkworld.com/community/borderless_networks. 
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Taming  IT  mgmt.  complexity 

IT  management  newcomers  tackle  cloud  computing,  virtualization,  advanced  apps 


BY  DENISE  DUBIE 


IT  management  start-ups  taking  advantage 
of  new  software  delivery  models,  incor¬ 
porating  innovative  computing  platforms 
and  attacking  sophisticated  problems  with 
simpler  approaches  could  help  enterprise 
IT  managers  embrace  emerging  technologies 
such  as  cloud  computing  and  virtualization 
without  giving  up  control  of  their 
environments. 

“Technologies  like  virtualization 
and  cloud  computing  are  driving 
the  demand  for  advanced  automa¬ 
tion  and  service-level  management 
capabilities  because  environments 
using  both  internal  and  external 
computing  change  the  way  man¬ 
agement  software  must  work,” 
says  Andi  Mann,  research 
director  at  Enterprise  Man¬ 
agement  Associates.  “Man¬ 
agement  software  needs  to  be 
aware  of  its  environment  and 
now  it  must  be  able  to  adapt  to  manage  applica¬ 
tions  and  services  in  these  hybrid  on-premise/ 
cloud  computing  environments.” 

A  flurry  of  fresh-faced  companies  has  emerged 
to  both  ease  familiar  pain  points  and  address 
newfound  challenges.  Several  upstarts  say  they 
can  do  it  by  using  the  very  technologies  that  are 
driving  the  complexity  in  today’s  heterogeneous 
networks:  software-as-a-service  (SaaS),  cloud 
computing  and  virtualization. 

“There  has  definitely  been  a  change  in  delivery 
models.  Now  management  software  is  available 
via  quite  a  wide  spectrum,”  says  David  Williams, 
research  vice  president  at  Gartner.  “Because 
management  requires  on-premise  data,  many 
service  offerings  still  require  a  probe  or  bit  of 
software  on  the  customer  site,  but  the  heavy  lift¬ 
ing  of  the  management  technology  can  be  done 
by  the  vendor.” 

Sophisticated  software 

For  instance,  companies  such  as  AccelOps, 
Aprigo  and  Vineyard  Networks  offer  their  man¬ 
agement  SaaS,  which  enables  IT  managers  to 
reap  the  benefits  of  sophisticated  management 
software  without  investing  the  time  in  installa¬ 
tion  and  maintenance  of  the  applications.  Ser- 
vice-now.com  led  the  way  for  management  ven¬ 
dors  to  package  their  ware  as  managed  services, 
inspiringboth  newcomers  and  veterans  such  as 
BMC,  CA  and  HP  to  embrace  the  SaaS  model. 

The  fact  that  IT  buyers  want  management 
software  in  more  easily  digestible  formats  is  no 
surprise  to  industry  watchers,  who  say  the  com¬ 
bination  of  the  economic  downturn,  growing 


complexity  of  customer  environments  and  the 
lack  of  budget  dollars  and  manual  labor  pushed 
management  technology  to  its  tipping  point. 
Now  not  only  do  management  software  makers 
have  to  provide  insight  into  the  environment, 
they  must  also  be  able  to  automate  multiple 
tasks,  with  little  input  from  human  operators. 

“Automation  has  just  exploded  because  IT 
managers  need  to  improve  efficiency  and  pro¬ 
ductivity,  without  adding  a  lot  of 
staff,”  says  Glenn  O’Donnell,  senior 
analyst  with  Forrester  Research. 
‘Virtualization  has  exploded  and 
torn  down  the  barriers  of  resis¬ 
tance  and  trust  that  used  to  keep  IT 
from  adopting  automation.” 

Newcomers  such  as  AccelOps, 
Conformity  and  Elastra  plan  to 
cash  in  on  this  need  for  higher  IT 
automation  in  advanced  comput¬ 
ing  environments  using  virtual 
systems  and  potentially  cloud 
services.  AccelOps  is  able  to 
map  IT  services  down  to  the 
network  level  and  perform  root  cause  analysis 
without  requiring  IT  staff  to  recreate  incidents  or 
compile  sophisticated  data.  Elastra ’s  Enterprise 
Cloud  Server  (ECS)  is  a  platform  to  automate  the 
allocation  of  application  and  related  resources 
existing  in  private  and  public  cloud  computing 
environments.  And  Conformity  promises  to  help 
enterprise  IT  customers  with  complex,  multi- 
sourced  environments  better  manage  identities 
and  access  to  various  applications.  Conformity 
executives  say  their  cloud  application  manage¬ 
ment  platform  will  provide  centrally  managed 
visibility  and  control  over  SaaS  users  for  compli¬ 
ance  and  governance  purposes. 

Management  critical 

‘Management  has  become  so  critical  to  cloud 
computing  because  cloud  depends  on  virtu¬ 
alization  and  the  automated  provisioning  and 
spinning  out  of  virtual  machines.  Virtualization 
management  continues  to  be  a  healthy  segment 
of  the  market,  and  cloud  management  is  one 
step  up  from  that,”  says  Mary  Johnston  Turner, 
research  director  at  IDC. 

Considering  the  complexity  IT  managers 
face  they  also  want  tools  to  simplify  operations 
management  and  really  dig  into  the  details  of 
network  data. 

“IT  management  customers  have  been  telling 
vendors  ‘simplify  this,  make  the  purchase  pro¬ 
cess  and  economic  impact  simpler’  and  vendors 
have  responded  with  virtual  appliances  or  SaaS 
offerings,  which  are  ways  for  the  vendors  to  do 
all  the  integration  and  hide  the  complexity  of  the 
technology,”  O’Donnell  says. 


That’s  why  companies  such  as  ExtraHop  Net¬ 
works  and  layerX  Technologies  are  getting  atten¬ 
tion.  Separately,  the  vendors  provide  products 
that  help  enterprise  IT  track  the  performance 
of  business  services  down  to  the  granular  net¬ 
work  layers.  The  ExtraHop  Application  Deliv¬ 
ery  Assurance  system  is  software  packaged  as 
an  appliance  that  passively  autodiscovers  serv¬ 
ers  and  devices  connected  to  the  network  and 
inspects  network  traffic.  This  view  into  applica¬ 
tion  performance  from  a  network  perspective 
is  becoming  increasingly  valuable  to  IT  man¬ 
agers,  analysts  say.  LayerX,  on  the  other  hand, 
provides  an  IT  search  technology  called  punq, 
portable  utility  for  network  query. 

“Punq  offers  the  ability  to  gather  huge  amounts 
of  data  and  try  to  make  sense  of  it  based  on  a  time 
stamp.  It  is  not  an  overly  sophisticated  technol¬ 
ogy,  but  if  you  know  what  information  you  need, 
this  type  of  tool  picks  up  loads  of  data  and  helps 
you  make  sense  of  it  faster,”  Williams  says. 

In  search  of  data 

Companies  such  as  Splunk  started  the  IT  search 
trend  a  few  years  back,  but  it  is  now  taking  off 
with  IT  managers  that  need  a  way  to  gather 
meaningful  data  quickly. 

“The  service  desk  function  and  other  support 
groups  are  always  in  search  of  data  in  real  time 
during  their  troubleshooting  activities.  Logs, 
configurations,  traps,  alerts,  script,  codes,  met¬ 
rics  and  configuration  details  are  all  real  data 
that  can  be  extremely  useful  during  the  inci¬ 
dent  and  problem  management  process,  writes 
Evelyn  Hubbert,  senior  analyst  at  Forrester 
Research  in  a  recent  report.  “IT  search  engines 
can  help  gather  data  from  a  variety  of  sources 
and  organize  it  into  information  chunks.” 

And  upstart  DeskCenter  Solutions  promises 
to  make  client  systems  management  easier  by 
combining  IS  applications  into  one  software  suite, 
which  manages  both  physical  and  virtual  servers 
and  desktops.  Cisco  veterans  came  together  to 
launch  Windmill  Networks,  which  offers  its  Inte¬ 
gration  Manager  as  a  VMware  virtual  appliance. 
The  software  correlates,  translates  and  reconciles 
information  collected  from  multiple  third-party 
management  systems  to  highlight  configuration 
inconsistencies  between  tools,  which  could  pre¬ 
vent  performance  problems. 

Another  start-up  launched  by  manage¬ 
ment  industry  veterans,  RiverMuse  provides 
advanced  event  and  fault  management  using 
an  open  source  business  model.  With  vendors 
such  as  Groundwork,  Hyperic  and  Zenoss  offer¬ 
ing  commercial  support  packages  for  their  open 
source  software,  enterprise  IT  buyers  can  now 
adopt  the  flexible  technology  without  worrying 
about  support.  ■ 


10  IT  MANAGEMENT 
TECHNOLOGY  START-UPS 
TO  WATCH  2009 
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//  It’s  somewhat  revolutionary.  [In  the  core 
BB  trends  around  virtualization  and  the  cloud] 
what’s  bogging  down  the  CIO?  Security.” 


RON  HOVSEPIAN,  NOVELL  CEO 


9  Novett,  from  page  1 

products  over  the  next  year  to  support  the  plan. 

“It’s  somewhat  revolutionary,”  said  CEO  Ron 
Hovsepian  during  an  interview  with  Network 
World.  “[In  the  core  trends  around  virtualiza¬ 
tion  and  the  cloud]  what’s  bogging  down  the 
CIO?  Security.” 

While  Novell  is  taking  an  aggressive  approach, 
other  management  vendors  such  as  HP  and  IBM 
are  also  in  the  mix.  For  its  part,  Novell  during  the 
first  quarter  of  next  year  plans  to  release  a  tool 
called  Workshop  that  customers  can  use  to  build 
workloads  on  Linux  and  Windows.  Offerings 
following  that  will  include  the  SUSE  Appliance 
Toolkit  for  deploying  and  maintaining  Linux- 
based  appliances  in  physical  and  virtual  envi¬ 
ronments  for  update,  access  and  configuration. 

Analysts  say  Novell’s  initiative  is  likely  to  first 
win  adoption  among  the  company’s  existing 
customers  that  are  virtualizing  their  servers  and 
using  products  such  as  Novell’s  Identity  Manager. 
But  Novell’s  approach  should  catch  the  eye  of  non- 
Novell  customers,  too,  industry  watchers  say. 

“Today,  the  workload  is  moving  around.  You 
might  shift  it  to  New  York,  for  instance,  if  your 
main  usage  is  there,  and  traditional  firewalling 
and  identity  management  aren’t  enough  any¬ 
more,”  says  James  Staten,  principal  analyst  at 
Forrester  Research.  “You  want  something  very 
lightweight  that  sets  policy  and  identity  in  the 
application.” 

Novell  needs  its  Intelligent  Workload  Man¬ 
agement  effort  to  pay  off  in  light  of  falling  rev¬ 
enue  and  growing  losses,  even  as  the  company’s 
Linux-based  products  business  is  on  the  rise 
(the  company  last  week  posted  a  fourth  fiscal 
quarter-over-quarter  revenue  dip  of  12%  and  a 


loss  of  $256  million,  which  swelled  in  large  part 
due  to  acquisition  and  other  costs). 

The  foundation  components  for  security  in 
Novell’s  Intelligent  Workload  Management 
initiative  include  capabilities  available  in 
Identity  Manager  4  for  real-time  provision¬ 
ing,  reporting  and  management  as  well  as  the 
already  announced  Cloud  Security  Service,  also 
expected  to  debut  in  2010. 

Novell  today  offers  management  products 
under  the  brands  PlateSpin  Workload  Manage¬ 
ment  and  Business  Management,  but  the  com¬ 
pany  will  introduce  products  that  integrate  and 
extend  management  capabilities  to  the  cloud. 

These  will  include  PlateSpin  “Atlantic,”  a  self- 
service  provisioning  portal,  PlateSpin  “Bluestar” 
for  physical  server  change  and  configuration 
management  and  monitoring,  and  ZENworks 
“Workbench,”  a  master  repository  and  change/ 
control  system  for  on-demand  deployment  of 
workloads. 

Other  Novell  products,  including  Business 
Service  Manager,  Business  Experience  Manager, 
myCMDB  and  Sentinel  Log  Manager,  will  also  be 
tailored  for  service-level  reporting  of  workloads 
across  physical,  virtual  and  cloud  environments. 
Another  product  is  expected  to  be  Compliance 
Automation  to  integrate  Sentinel  security  infor¬ 
mation  and  event-monitoring  with  Business  Ser¬ 
vice  Manager  for  monitoring  events. 


While  there  are  a  lot  of  unknowns  about  how 
exactly  the  effort  will  play  out,  Forrester’s  Staten 
says  Novell  is  bringing  a  strong  argument  to  the 
table  about  managing  workloads  in  a  virtualized 
environment.  He  notes  this  has  been  a  weighty 
topic  for  other  vendors,  including  HP  with  its 
Orchestrator,  though  it’s  not  oriented  toward 
heterogeneous  virtualization. 

Mary  Johnston  Turner,  research  director 
at  IDC,  says  Novell  is  addressing  a  new  set  of 
requirements.  “As  we  move  into  dynamic  virtu¬ 
alization,  you  need  to  integrate  and  have  a  more 
policy-based  approach,”  she  says. 

However,  Turner  notes  that  this  approach 
presents  challenges  in  that  organizations  have 
an  installed  base  of  management  tools  and  are  not 
set  up  to  run  the  way  that  Novell  envisions.  There 
is  also  the  practical  matter  of  seeing  how  well 
Novell  delivers  on  its  promises,  though  she  gives 
the  vendor  “credit  for  being  early  to  the  game.” 

Laura  DiDio,  principal  analyst  at  Information 
Technology  Intelligence,  points  out  there’s  a  real 
need  for  a  heterogeneous  approach  to  container 
virtualization  because  companies  often  do  use 
more  than  one  type  of  server  virtualization.  In 
a  recent  survey  of  about  1,000  organizations, 
DiDio  said  almost  40%  used  multiple  types  of 
server  virtualization.  “They  get  VMware,  Micro¬ 
soft,  Citrix,  and  a  real  surprise,  Parallels  for  the 
Mac,”  she  says.  8 


RISKANDREWARD  BY  ANDREAS  ANT0N0P0UL0S 

Security  review:  Good  riddance  to  2009 


LOOKING  BACK  AT  2009,  I’m  sure  I  will  not 
be  alone  in  celebrating  the  end  of  the  year  with 
gusto.  2009  was  a  difficult  year  for  most,  with 
a  slow  recovery  and  challenging  business  conditions.  Let’s  see  how  I  did 
predicting  security  trends  in  2009: 

Host-based  security.  I  predicted  that  host-based  security  would  rise 
in  importance  with  the  release  of  Windows  7.  It  is  still  too  early  to  tell  if 
Windows  7  will  shift  the  discussion  in  security,  but  so  far  this  prediction 
has  not  come  true.  Perhaps  it  represented  wishful  thinking. 

Mobile  security  concerns  and  solutions  grow.  I  predicted  the  emer¬ 
gence  of  a  Trojan  on  a  mobile  platform  and  the  increased  importance  of 
security  for  mobiles.  The  iPhone  worm  and  other  security  incidents  vali¬ 
date  this  prediction. 

Encryption  grows.  At-rest  encryption  did  in  fact  grow,  coming  as  stan¬ 
dard  in  most  desktop  operating  systems  and  being  widely  adopted  by  com¬ 
panies  as  a  default  policy.  E-mail  encryption  is  still  a  challenge,  according 
to  last  year’s  prediction.  I’ll  count  this  one  as  a  successful  prediction 

No  news  is  bad  news.  While  no  new  major  malware  outbreaks  made 
huge  headlines,  the  silent  spread  of  stealthy  keyloggers,  Trojans  and  bot¬ 
nets  continued.  As  predicted,  more  computers  fell  prey  to  these  silent 
threats  while  the  lack  of  headlines  is  broadly  and  incorrectly  seen  as  “suc¬ 
cess”  against  malware. 


New  botnets  are  discovered  and  they’re  bigger  than  ever.  Fortu¬ 
nately,  my  prediction  was  correct  but  incomplete.  Not  only  were  several 
major  botnets  discovered  in  2009,  but  a  few  of  them  were  dismantled  with 
security  firm  and  law  enforcement  action,  leading  to  measurable  (though 
temporary)  decreases  in  spam. 

Regulatory  compliance  is  back  with  a  vengeance.  I  thought  by  now 

we  would  have  a  couple  of  mega-regulations  to  complement  the  Sarbanes- 
Oxley  Act.  Other  than  the  strengthening  of  the  Health  Insurance  Porta¬ 
bility  and  Accountability  Act  under  the  stimulus  and  Electronic  Health 
Record  initiatives,  regulatory  compliance  did  not  explode.  However,  this 
prediction  is  only  off  by  a  matter  of  months.  It  will  be  carried  into  2010, 
with  a  high  likelihood  because  many  regulatory  schemes  are  moving 
through  committees  in  both  the  House  and  the  Senate. 

Security  projects  struggle  for  funding.  IT  professionals  told  us 
throughout  2009  that  projects  needed  demonstrable  ROI  to  get  funding. 
The  only  exceptions  were  projects  driven  by  compliance,  as  predicted. 

I  think  I  can  count  5  out  of  7  as  correctly  predicted,  so  onwards  to  2010. 
It  can’t  arrive  soon  enough.  ■ 

Antonopoulos  is  senior  vice  president  and  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  He  can  be  reached 
at  andreas@nemertes.com. 


16  DECEMBER  7, 2009  www.networkworld.com 


HBHtt 


solutions  for  your 


Powerful  website 
small  business. 

1&1®  Business  Pac 

■  3  FREE  Domain  Names 

■  250  GB  Web  Space 


Go 

Daddy 


Yahoo 


Private  Domain 
Registration 


■  UNLIMITED  Traffic 


Included 


1  GB 
Mailbox 


Mailbox 


E-mail 

Account 


Included 


ERS  HAVE  VOTED 


Your  loyalty  has  helped  make  us  the  leading  web  hosting  provider  worldwide.  1&1  was  built  on  a  foundation  of 
innovative  products  and  outstanding  reliability,  and  we  continue  to  strive  to  bring  you  high-quality  products  at 
affordable  prices.  To  show  our  appreciation,  we're  offering  discounts  on  our  most  popular  products. 


domains 


Included 


3  months 


FREE 

2  GB 
Mailbox 


12/31/2009! 


hurry,  SPECIAL 


More  special  offers  are  available  online,  visit  www.1and1.com 


’Offers  valid  through  December  31,  2009.  "3  Months  Free"  offer  valid  with  a  12  month  minimum  contract  term  only.  Setup  fee  and  other  terms  and  conditions  may  apply.  Visitwww.1and1.com  for 
full  promotional  offer  details.  Program  and  pricing  specifications  and  availability  subject  to  change  without  notice.  1&1  and  the  1&1  logo  are  trademarks  of  1&1  Internet  AG,  all  other  trademarks 
are  the  property  of  their  respective  owners.  ©  2009  1&1  Internet,  Inc.  All  rights  reserved. 


DEMO  TO5 

DEMO  DRIVES  INNOVATION 


^  Consumer  Winner: 


^Rk  Emo  Labs 


Listen  more 


SW’&lff  *’ 

. 


cwio  Labs,  Inc.  has  changed  the 
ENVO  pxDerience  multimedia  content 
WaYu  700  ble  ^-footprint  speaker 

W'  'nV  maaine  a  TV  with  great  stereo 
systems.  Im  fl  ,he  display 

S°Un1' C°mZa  audio and  video  for  a 

panel,  umly  9  ^  and  compeUmg 

more  natural; 

presentation. 


si.. 


: 


DEM0pfflS5 


70  companies  launched  and  pitched  their  products  at  the  most 
recent  DEMOfall  09  conference.  The  DEMO  attendee  audience 
of  venture  capitalists,  corporate  business  development  officers 
and  press  evaluated  all  demonstrator  launches  and  the  overall 
value  proposition  of  each  company  to  determine  the  DEMO 
People's  Choice  Award  winners. 


■jm. 


H! 


Emo  Labs 

wsgjP**^  Listen  more" 

Watch  their  Award-Winning  Product  Launch  at 

www.demo.com/ demopcwinners 


What  DEMO  Says  About  Emo  Labs: 


As  flat  panel  televisions  get  thinner,  so  does  the  audio  they  deliver.  The  physical 
dimensions  of  the  display  simply  don't  provide  the  space  to  integrate  a  great 
sound  system.  Emo  Labs  rethinks  the  integrated  speaker  in  a  dramatically  and 
new  approach  that  delivers  rich,  high-fidelity  sound  to  match  high-definition 
video.  It's  brilliant  engineering  and,  after  you  hear  it,  you'll  not  want  anything 
less  in  your  high-def  TV. 

DEMCWoio  REGISTER  NOW 

The  Launchpad  for  Emerging  Technology 

DEMO  continues  to  deliver  the  best  innovation  at  DEMOspring  2010. 

For  complete  information  and  to  register,  go  to  www.demo.com 


«• 


TECHUPDATE 

An  inside  look  at  technologies  and  standards 


Reducing  data  center  energy  use 


BY  LARS  STRONG 


esearch  from  the  Uptime  Institute 
reveals  that  60%  of  the  available 
cooling  in  a  typical  computer  room  is 
wasted  due  to  airflow  losses. 

But  the  good  news  is  that  optimizing 
your  airflow  represents  the  greatest  opportunity 
for  reducing  operating  costs  and  deferring  capi¬ 
tal  costs.  That  will  also  let  you  increase  server 
density  without  adding  cooling  infrastructure. 

To  optimize  your  computer  room  infrastruc¬ 
ture,  consider  the  following  steps: 

1.  Get  a  computer  room  cooling 
efficiency  health  check. 

There  are  a  range  of  diagnostic  assessments 
available,  and  most  will  identify  energy  ineffi¬ 
ciencies  and  offer  a  targeted  remediation  strat¬ 
egy.  If  followed,  the  plan  could  save  you  operat¬ 
ing  costs  immediately. 

At  the  very  least,  a  cooling  health  check  should 
examine:  IT  equipment  air-intake  hotspots; 
percentage  of  airflow  loss;  and  cooling  capacity 
factor  (CCF),  or  the  margin  of  installed  cooling 
capacity  vs.  load.  To  do  this,  the  engineer  will: 

■  Count  and  measure  raised  floor  openings. 

■  Measure  cabinet  air-intake  temperatures. 

■  Measure  relative  humidity  of  hotspots. 

■  Sum  cooling  unit  capacity. 

■  Sum  cooling  unit  airflow. 

■  Sum  computing  equipment  power  load. 

■  Determine  the  presence  of  latent  cooling  and 
its  associated  latent  cooling  penalty. 

■  Check  all  return  air  temperature  and  relative 
humidity  sensors  for  calibration. 

These  assessments  will  result  in  a  remedia¬ 
tion  plan  that  will,  among  other  things,  likely 
advise  sealing  all  cable  and  IT  equipment  cabi¬ 
net  openings  to  properly  channel  airflow. 

Case  in  point:  A  company  with  a  6,996  square 
foot  data  center  did  a  cooling  efficiency  health 
check  by  measuring  airflow  loss  and  hotspots 
(cabinet  intake-air  temperatures  that  exceed 
maximums),  and  collecting  data  to  calculate  the 
CCF  and  make  comparisons  to  the  critical  load. 

By  implementing  the  remediation  strategy, 
the  hotspots  were  eliminated  and  there  was  a 
60%  improvement  in  airflow  loss,  which  meant 
the  reliability  of  the  equipment  would  improve. 
In  addition,  the  company  was  able  to  put  two 
cooling  units  into  inactive  standby  mode,  reduc¬ 
ing  electrical  consumption  by  $27,024  per  year 
($2,252  per  month  based  on  $0.08/kWhr).  Sim¬ 
ple  payback  occurred  between  the  second  and 
third  months. 

2.  Seal  the  computer  room 
envelope  and  the  raised  floor. 

Depending  on  what  a  health  check  of  your 


data  center  reveals,  remediation  will  probably 
involve  sealing  up  the  following  areas: 

■  Openings  in  the  perimeter  walls,  in  particular, 
cable  trays  and  conduits  passing  through  the 
perimeter  walls.  Also  inspect  the  area  around 
columns  to  make  sure  conditioned  air  is  not 
escaping  through  column  facades  to  adjacent 
floors  and  wall  openings  where  cables  pass 
through  and  holes  in  the  perimeter  walls  above 
the  dropped  ceiling. 

■  Openings  in  the  raised  floor  that  do  not 
deliver  conditioned  airflow  directly  to  the  face, 
or  intakes,  of  IT  equipment.  The  most  common 
openings  that  require  sealing  are  cable  openings 
under  or  behind  cabinets. 

Case  in  point:  In  a  financial  impact  study  of 
a  10,000  square  foot  data  center  that  had  400 
special  grommets  installed  to  keep  cold  air  in, 
simple  OpEx  payback  occurred  within  the  first 
two  months  and  there  were  annual  OpEx  energy 
savings  of  $50,896.  The  capacity  improvements 
made  it  possible  to  turn  off  18%  of  computer 
room  air  conditioning  units  (CRAC) . 

3.  Improve  the  above-the- 
floor  airflow  management. 

Depending  on  the  conditions  of  your  data  center, 
remediation  measures  may  include  installation 
of  internal  blanking  panels;  vertical  end  row 
panels;  horizontal  partitions  over  rows  and;  cold 
and  hot  aisle  containment. 

Installing  blanking  panels  in  unused  rack 
unit  openings  prevent  rear-to-front  circula¬ 
tion  of  hot  exhaust  air  from  the  servers.  As 
equipment  load  densities  continue  to  increase, 
hot  air  circulation  into  the  cold  aisle  through 
open  spaces  in  cabinets,  as  well  as  around  the 
ends  of  rack  rows  and  across  the  top  of  racks, 
becomes  more  significant.  Installing  blanking 
panels  helps  ensure  the  computer  equipment 
air-intake  temperature,  especially  at  the  top  of 
racks,  is  below  the  American  Society  of  Heating, 
Refrigerating  and  Air-Conditioning  Engineers’ 
recommended  maximum  of  80.6°F. 

Case  in  point:  Two  financial  impact  case 
studies,  one  for  a  high-density  facility  and  one 
for  a  lower-density  facility,  were  performed  to 
demonstrate  how  installing  the  blanking  pan¬ 
els  yield  cost  savings  by  allowing  data  center 
managers  to  raise  computer  room  temperatures 
to  take  advantage  of  the  increased  cooling  unit 
capacities  that  result  from  higher  return  air 
temperatures. 

For  the  high-density  facility  (400  cabinets  in 
a  room  with  10,000  square  feet  of  raised  floor), 
the  total  annual  cost  savings  was  $137,395  and 
payback  occurred  in  the  second  month.  Because 
29.5%  of  the  CRAC  units  were  placed  on  inactive 
standby,  there  was  a  29%  reduction  in  annual 
operating  and  maintenance  costs. 


In  the  lower-density  facility,  with  12  water- 
cooled  CRAC  units  and  7.5  hp  fan  motors,  the 
total  annual  cost  savings  was  $30,594  and  pay¬ 
back  occurred  in  the  fourth  month.  This  repre¬ 
sents  a  15%  reduction  in  the  annual  operating 
and  maintenance  costs  of  the  cooling  units. 

4.  Tune  the  computer  room 

After  installing  the  recommended  sealing  tech¬ 
nology,  it’s  critical  to  re-examine  the  heat  load 
and  all  cooling  unit  settings  to  ensure  you  have 
taken  advantage  of  all  the  efficiencies  afforded 
by  sealing  openings. 

You  should  also  have  an  engineer  physically 
open  equipment  and  make  detailed  performance 
measurements.  The  engineer  should: 

■  Determine  the  heat  load  by  adding  together 
all  of  the  PDU  or  Remote  Power  Panel  outputs 
or  by  summing  the  UPS  system(s)  outputs. 

■  Evaluate  the  configuration  of  the  cooling  units 
on  the  raised  floor  by  checking  temperature  and 
relative  humidity  set  points  and  sensitivities. 

■  Check  the  calibration  of  the  return-air 
sensors. 

■  Check  each  cooling  unit  to  verify  if  it  is 
delivering  its  rated  cooling  capacity.  Both 
airflow  volume  and  temperature  drop  need  to 
be  measured  to  determine  the  delivered  cooling 
capacity. 

■  Determine  the  required  number  of  operational 
cooling  units  from  the  heat  load  data  and  the 
cooling  capacity  information.  There  should  be 
redundant  cooling  capacity  in  every  area  of  the 
room. 

■  Determine  the  proper  number  and  placement 
of  perforated  tiles.  Their  arrangement  must 
be  adjusted  within  the  cold  aisle  based  on 
careful  monitoring  of  IT  equipment  air-intake 
temperatures. 

■  Use  an  infrared  camera  to  identify  airflow 
circulation  patterns  and  equipment  performance 
issues  and  the  options  for  improvement. 

Driving  energy  consumption  down  means 
costs  go  down.  Expert  computer  room  remedia¬ 
tion  strategies  provide  near-instant  energy  sav¬ 
ings  which  make  it  possible  to  increase  server 
density  without  adding  cooling  infrastructure. 
The  money  and  time  spent  will  pay  you  back  in 
significant  energy  savings.  ■ 

Strong  is  professional  engineer  and  senior 
consultant  with  Upsite  Technologies. 

This  vendor-written  tech  primer 
has  been  edited  by  Network  World 
to  eliminate  product  promotion, 
but  readers  should  note  it  will  likely 
favor  the  submitter's  approach. 
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Protect.  Connect.  Collaborate. 


The  iPhone  has  redefined  the  mobile  landscape  for  business,  but  until  now,  control  and  management  issues 
have  made  it  challenging  for  IT  to  protect  the  enterprise.  With  Good  for  Enterprise,  everyone  at  your  company 
can  finally  connect  and  collaborate  securely  on  the  mobile  device  they  want,  and  you  have  the  control  you  need. 

.V"  y  ■  j'  ‘  t-  rJ  ’  ; 

Say  yes  to  iPlione  for  your  enterprise.  Visit  us  online  at  or  call  1  -866-7-BE-GOOD. 
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2009  Good  Technology.  The  Good  logo  and  Good  for  Enterprise  are  trademarks  of  Good  Technology.  Inc.  iPhone  is  a  trademark  of  Apple  Inc.,  registered  in  the  U  S.  and  other  cr>fhtries.  All  rights  reserved. 
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iPhone: 

The  device  they  want. 
The  control  you  need. 


GEARHEAD  BY  MARK  GIBBS 


Pogoplug:  A  wolf  in  sheep’s  clothing 


SOME  THINGS  ARE  not  what  they  appear  to  be. 
They  look  innocent,  devoid  of  power  or  danger, 
and  then  when  you  least  expect  it,  pow!  They 
show  themselves  to  be  much  more.  Such  is  the  nature  of  this  week’s  find: 
The  Pogoplug  produced  by  Cloud  Engines. 

At  first  glance  the  second  generation  of  the  Pogoplug  appears  to  be  unas¬ 
suming.  It  is  a  relatively  small  silver  rectangle  (4  by  2.5  by  2  inches)  on  a 
hideous  shocking-pink  stand.  On  the  back  there’s  a  power  connection,  a 
GigE  connector  and  three  USB  2.0  ports,  while  the  front  sports  another 
USB  connector  and  a  power-on  light. 

That’s  it.  But  beneath  this  garish  but  otherwise  unremarkable  exterior 
beats  the  heart  of  one  of  the  coolest  and,  to  the  enterprise  world,  one  of  the 
more  dangerous  gadgets  to  appear  for  some  time. 

Hidden  inside  the  Pogoplug  is  a  1.2GHz  Marvell  ARM  SOC  RISC  pro¬ 
cessor  and  256MB  of  RAM  and  512MB  of  internal  flash  storage.  On  this 
neat  little  package  runs  a  stripped-down  Linux  distro  with  the  2.6.22.18 
kernel. 

You  power  up  Pogoplug,  plug  in  an  Ethernet  cable,  connect  a  nerd 
stick  or  a  USB  HDD  drive  (USB  or  externally-powered)  and  then  browse 
to  my.pogoplug.com  where  you  create  an  account  by  giving  your  e-mail 
address  and  selecting  a  password. 

Minutes  later  you  receive  an  e-mail  with  a  link  that  contains  the  unique 
26-digit  code  for  your  Pogoplug.  Click  on  that  link  and  you  are  taken  to  a 
Web  page  that  displays  the  contents  of  the  drive  attached  to  your  Pogoplug. 
Voila!  Almost  instant  network- attached  storage,  but  accessible  from  any¬ 
where  on  the  intertubes!  There  are  also  applications  for  Windows  and  OS 
X  that  allow  you  to  map  local  drives  to  the  Pogoplug  storage. 

So,  how  does  this  magic  work?  Well,  by  making  three  assumptions. 


COOLTOOLS  BY  KEITH  SHAW 


First,  that  your  network  will  assign  an  address  by  DHCP.  Next,  that  a 
UDP  connection  can  be  created  from  your  Pogoplug  to  Port  4365  on  ser- 
vice.pogoplug.com.  And  lastly,  that  your  firewall  will  allow  incoming 
UDP  connections  from  that  same  service.  If  DHCP  isn’t  available,  Cloud 
Engine’s  tech  support  can  help  you  set  up  a  static  address. 

The  Pogoplug  Web  interface  lets  you  browse  the  attached  storage  and,  if 
you  click  on  an  image,  it  will  be  displayed,  while  clicking  on  a  music  file  will 
play  it.  From  the  Web  interface  you  can  enable  sharing  with  other  people 
and  notify  them  via  e-mail,  post  links  to  your  content  on  Twitter,  Facebook 
and  MySpace,  publish  an  RSS  feed  linking  to  your  content,  enable  public 
Web  access  and  set  up  e-mail  notification  of  folder  changes. 

You  can  use  SSH  to  establish  a  console  session  on  the  Pogoplug  and  then 
install  lots  of  interesting  open  source  software.  The  OpenPogo  site  pro¬ 
vides  all  you  need  to  know  about  adding  a  Web  server,  PHP,  MySQL,  PHP- 
My Admin,  Samba,  a  Secure  FTP  server,  a  BitTorrent  client,  Django,  Ruby 
on  Rails  with  RubyGems,  Cron ...  a  cornucopia  of  open  source  coolness. 

And  here’s  the  big  thing:  You  get  all  of  this  for  just  $129! 

Now,  just  imagine  a  group  of  users  on  your  network.  You  haven’t  given 
them  the  shared  storage  or  the  group  application  they  want  so  what  do  they 
do  ...  ?  You  get  the  picture?  Instant  security  problem?  Instant  data  man¬ 
agement  problem?  Instant  compliance  and  governance  problems?  Yep,  the 
Pogoplug  is  not  the  innocent  device  you  might  have  thought  it  to  be. 

I  love  the  Pogoplug.  Low  power  consumption  (5  W),  no  noise,  open  archi¬ 
tecture,  highly  flexible,  low  cost ...  I  award  Pogoplug  a  rating  of  5  out  of  5. 
Outstanding!  ■ 

Gibbs  is  also  not  innocent  in  Ventura,  Calif.  Connect  to  gear- 
head@gibbs.com. 


It’s  an  app  world  after  all 


THE  SUCCESS  OF  Apple’s  App  Store  for  the 
iPhone  and  iPod  touch  has  generated  app  stores 
from  other  smartphone  makers,  but  the  con¬ 
cept  of  downloadable  applications  that  can  be  put  onto  a  device  has 
spread  to  other  products.  For  example,  Logitech’s  Squeeze 
box  Radio  lets  users  download  additional  “apps”  that  con¬ 
nect  them  to  streaming  media  services  such  as  Pandora  and 
Slacker.  Here  are  two  more  devices  that  recently  announced 
some  additional  app  downloads,  expanding  the  value  of  the  original  device 
and  allowing  for  flexibility  in  future  features. 

The  scoop:  Pulse  smart  pen,  by  Livescribe,  about  $200  (4GB  model). 

What  it  is:  The  original  Pulse  smart  pen  debuted  last  year  from  Live- 
scribe,  and  has  been  popular  with  students  who  use  the  pen  to  take  notes 
on  special  paper  and  record  the  audio,  and  then  have  them  available  for 
review  later  through  synchronization  with  a  computer.  The  latest  pen 
•includes  4GB  of  memory,  which  captures  about  400  hours  of  audio.  Like 
the  earlier  pen,  the  Pulse  includes  an  infrared  camera  that  captures  writing 
on  the  special  dot  paper,  a  microphone  and  speaker,  and  an  OLED  screen. 

Why  it’s  cool:  The  new  apps  available  for  download  through  the  Live- 
scribe  Web  site  let  users  experience  more  applications  that  highlight  the 
power  of  the  smart  pen.  For  example,  the  video  poker  app  has  you  draw  the 
“deal”  and  “bet”  areas  on  the  paper,  along  with  five  circles  for  holding  cards. 
The  game  occurs  on  the  pen’s  display,  and  you  choose  your  actions  by  tap¬ 
ping  on  the  boxes  you  drew.  The  Spanish  Dictionary  app  lets  you  write  out 
English  words  and  have  them  translated  into  Spanish  (and  vice-versa),  and 
also  lets  you  hear  the  word  pronounced  via  audio. 

Apps  range  in  price  from  free  up  to  about  $3,  although  there  is  one  $100 
app  (MagicYad)  that  helps  Jewish  boys  and  girls  prepare  for  their  bar 


The  Livescribe 
has  new  apps 
available  for  download 
that  highlight  the  power  of  the 
smart  pen. 

mitzvah  or  bat  mitzvah  by  allowing  them  to  hear 
Hebrew  chant  recordings. 

Grade:  ★★★★  (out  of  five) 


The  scoop:  Roku  players,  starting  at  $80  (up  to  $130). 

What  it  is:  The  Roku  series  of  digital  media  players  attach  to  a  TV  and 
connect  either  wirelessly  or  with  an  Ethernet  cable  to  your  home  network 
in  order  to  access  digital  media  content  from  the  Internet.  The  original 
Roku  box  was  a  Netflix  player,  letting  you  view  movies  from  Netflix’s 
Instant  Streaming  area  and  watch  the  content  on  a  TV.  Roku  has  added  the 
ability  to  view  Amazon’s  On  Demand  Service  and  MLB.com  content  to  the 
box.  The  recent  updates  let  users  pick  from  additional  media  streaming 
services,  most  notably  Pandora’s  music  service  and  Flickr  photos.  Other 
services  with  apps  include  Motionbox,  Mediafly,  blip.tv  and  Revision3. 

Why  it's  cool:  Having  additional  media  services  available  for  stream¬ 
ing  to  the  TV  via  the  Roku  box  increases  the  value  of  the  box,  especially  if 
the  owner  doesn’t  have  a  Netflix,  Amazon  or  MLB.com  account.  Some  of 
the  “free”  services  need  some  improvement  in  their  interfaces,  but  seeing 
additional  content  on  the  box,  plus  the  potential  of  seeing  more  content 
soon  (maybe  Hulu  someday?)  make  this  a  cool  device  to  have  on  the  home 
network. 

Grade:  ★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com.  Follow  him  on  Twitter  at 
http://twitter.com/shawkeith. 
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NETWORK  WORLD  ANNOUNCES 


iTRoadmap 

CONFERENCE  &  EXPO  I 


ALERT  YOUR  COLLEAGUES 
IN  OTHER  CITIES! 

IT  ROADMAP  2010 

Los  Angeles,  February  8  •  Chicago,  March  16 
Denver,  April  6  •  Boston,  May  25 
Atlanta,  June  8  •  Philadelphia,  July  14 
Dallas,  September  14  •  Washington,  DC,  October  19 
San  Francisco,  November  3 


The  ONE  DAY  event 

that  comes  to  you  I 


coming  next  to  New  York  City 

SAVE  THE  DATE:  WEDNESDAY,  JANUARY  27th 

MARRIOTT  MARQUIS,  1535  BROADWAY,  NEW  YORK  CITY 


SIGN  UP  -  AND  BRING  YOUR  COLLEAGUE!  Full  details  at  www.networkworld.com/goNYC 


Five  all-new  morning  sessions: 

•  Virtualization  &  Cloud  Roadmap— 

Desktop  Virtualization,  Software-as-a-Service,  Cloud  Computing 

•  Data  Center  Roadmap- 

Green  IT,  Disaster  Recovery,  and  Floor  Planning  for  Flexibility 

•  Optimization  &  Management  Roadmap  — 

Application  Performance,  WAN  Optimization,  and  Network  Management 

•  Convergence  &  Wireless  Roadmap— 

Unified  Communication,  Collaboration,  and  Enterprise  Mobility 

•  Security  Roadmap— 

Identity  Management,  Compliance  &  Regulation 


Plus  an  afternoon  of  unique  problem 
solving  breakouts: 

•  “Help  Me  Build  My  Business  Case”  Workshops— 

The  business  strategies  you  need  to  drive  technology  up  the  ladder. 
Choose  from  building  an  RFP,  cost  modeling,  budgeting,  how  to  calculate 
ROI,  more 

•  Problem-Solving  Tech  Tutorials— 

Meet  the  most  pressing  challenges  in  enterprise  IT  in  an  informal, 
participatory  white-board  setting 

•  New  Technology  Demos— 

Close  up  and  hands-on:  the  latest  betas  and  enterprise-ready  releases 
presented  by  top  solutions  providers 

•  Strategy-in-Action  Case  Studies— 

The  best  practices  and  front-line  advice  from  experienced  end  users 
ready  to  fast  track  you  past  pitfalls  of  managing  enterprise-sized 
technology 

•  Live  Expo  Floor  Solution  Clinics— 

Technical  professionals  from  the  vendors  you  most  want  to  see  will 
conduct  private  and  personalized,  one-to-one  consults  right  on  the 
expo  floor 


Pre-Quality  and  Attend  Free! 
...  ..  . '  .  . ...  .  ... 


Visit  www.networkworld.com/goNYC 
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To  learn  about  sponsorship  opportunities  and  benefits  call  or 
email  Andrea  D'Amato,  Vice  President,  Publisher,  Network  World 
at  508-766-5455  or  adamato@nww.com 


CLEAR  CHOICE  TEST  ANTIMALWARE  GATEWAYS 


McAfee  wins  Web  security  shootout 

All  five  products  tested  deliver  online  protection  against  zero-day  threats 


BY  BARRY  NANCE,  NETWORK  WORLD  LAB  ALLIANCE 


Two  distinct  and  important  security  trends  emerged  in  our  testing 
of  antimalware  gateways.  First,  the  current  crop  of  products  are 
migrating  from  the  classic  approach  of  referencing  a  local  (cus¬ 
tomer  premises)  database  of  malware  signatures  and  instead 
using  a  “just-in-time”  approach  of  querying  a  central  (vendor  site) 
database  in  order  to  deal  with  new  malware  instances. 

Also,  vendors  strongly  recommend  inserting  a  gateway  device  inline, 
between  the  Internet  and  the  local  network,  rather  than  connecting  it  to 
a  span/tap  port. 

The  need  for  greater  security  is  behind  both  these  trends.  Vendors  told 
us  even  frequent  updates  of  a  local  customer-site  database  of  malware 
signatures,  URLs  and  IP  addresses  can’t  always  keep  up  with  the  rapid 
spread  of  new  malware  instances.  (In  the  future,  companies  may  need  to 
plan  for  extra  speed  in  their  Internet  links  to  accommodate  a  growing  num¬ 
ber  of  cloud-based  queries  of  vendor  malware  databases.) 

Next,  deep  and  thorough  inspection  of  network  traffic  has  become  the 
only  effective  way  to  keep  malware  off  the  network.  An  approach  that  sim¬ 
ply  monitors  for  malware  and  reports  the  results  to  administrators,  who 
then  manually  clean  up  the  mess,  is  cumbersome  and  nearly  unworkable. 

Similarly,  an  approach  that  uses  zero-latency  “TCP  RESET”  commands 
to  cancel  malware  traffic  leaves  open  a  small  window  of  risk  (see  http:// 
tinyurl.com/ygto9wd). 


Today,  malware  takes  many  different  forms  —  malicious  Web  sites, 
hijacked  advertising  banners  on  otherwise  innocent-looking  sites,  phish¬ 
ing,  spyware,  spam,  viruses,  Trojans,  botnets,  rootkits,  instant  messaging 
malware,  peer-to-peer  (P2P)  file  sharing  malware,  Skype  malware,  social 
networking  malware,  hijacked  Facebook  applications,  gaming  malware 
and  Web  2.0  application  malware. 

The  list  is  long,  and  these  Internet-borne  threats  cannot  be  ignored. 

Web  attacks  are  one  of  the  most  dangerous  and  sophisticated  vectors 
used  by  cyber  criminals.  Attacks  can  come  from  malicious  Web  pages, 
redirects,  hijacked  legitimate  sites,  phishing  e-mails  and  social  networks. 

For  example,  you  may  think  you’re  safe  because  your  users  visit  only 
“good”  Web  sites.  Unfortunately,  because  cyber  criminals  quite  often 
hijack  advertising  banners,  even  this  reason  for  avoiding  putting  an  effec¬ 
tive  security  barrier  between  you  and  the  Internet  is  no  longer  valid. 

Without  protection  you  could  find  that  criminals  have  sucked  corpo¬ 
rate  and  personal  information  quickly  and  silently  out  of  your  computers. 
Moreover,  the  advent  of  extremely  sophisticated  rootkits  has  made  spy- 
ware  a  stubborn,  intractable  problem.  Removing  the  latest  spyware  threats 
“by  hand”  is,  to  say  the  least,  problematic. 

The  quest  for  perfection 

The  ideal  antimalware  gateway  identifies  and  thwarts  virtually  all  mal¬ 
ware.  It  performs  with  alacrity  (such  as  low  latency),  thus  giving  users  a 
responsive  Internet  experience  —  as  if  the  device  weren’t  even  present. 


NETRESULTS 

Product 

Web  Gateway  V6.8.6 
model  WW  1900E 

InterScan  Web 

Security  Virtual 
Appliance  5.0 

InterScan  Messaging 
Security  Virtual 
Appliance  7.0 

Unified  Security 
Gateway  V3.0 

Web  Security 

Gateway  V10000 

Web  Gateway  4.5 
model  8450 

Mail  Security  V7.5 
model  8300 

Vendor 

McAfee 

www.mcafee.com 

Trend  Micro 
www.trendmicro.com 

FaceTime 

www.facetime.com 

Websense 

www.websense.com 

Symantec 

www.symantec.com 

Price 

Starts  at  $25,000 
plus  appliance  cost 
for  1,000  users. 

$14,290  first  year 
license  for  500  users. 

$9,200  per  year 
for  100  users. 

$16,000  plus 
$42/user/year. 

Web  Gateway:  $3,495 
plus  $27.84/user/ 
year  for  1,000  users; 

Mail  Security:  $1,995 
plus  $18.89/user/ 
year  for  1,000  users. 

Pros 

Accurate;  fast; 
easy  to  use. 

Excellent  reports; 
easy  installation; 
good  overall  view  of 
corporate  security. 

Especially  good 
security  for  social 
networking. 

Good  performance; 
easy  to  use. 

Excellent 

documentation;  highly 
useful  compliance 
summary  screen. 

Cons 

Updates  took  longer 
than  expected. 

Performance  was 
slower  than  most 
other  products; 
user  interface  not 
as  intuitive. 

User  interface 
not  as  responsive 
as  McAfee’s. 

Pricey;  not  as  effective 
against  phishing. 

The  two  products 
need  to  be  better 
integrated  and  have 
lower  latencies. 

Score 

4.5 

4.1 

3.9 

3.85 

3.6 
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SCORECARD 


Product 

McAfee 

Web  Gateway 
V6.8.6  model 
WW  1900E 

Trend  Micro 
InterScan  Web 
Security/ 
Messaging 
Security 

Facetime 

Unified  Security 
Gateway 

Websense 

Web  Security 
Gateway 

Symantec 

Web  Gateway/ 

Mail  Security 

Action 

Weight 

Malware 

blocking 

35% 

5 

4.5 

4.5 

4 

4 

Performance 

15% 

5 

3 

4 

4 

3 

Ease  of  use 

15% 

4 

4 

4 

4 

3 

Additional 

features 

15% 

4 

4 

3 

3 

3 

Reports 

10% 

4 

5 

3 

4 

3 

Documentation 

10% 

4 

4 

4 

4 

5 

Total  score 

4.5 

4.1 

3.9 

3.85 

3.6 

SCORING  KEY:  5:  EXCEPTIONAL;  4:  VERY  GOOD;  3:  AVERAGE;  2:  BELOW  AVERAGE;  1:  SUBPAR  OR  NOT  AVAILABLE 


It  prevents  malware  from  “phoning  home”  (sending  credit  card  or  other 
sensitive  data  back  to  the  cyber  attacker).  The  perfect  product  helps  remove 
malware  from  infected  endpoint  computers.  It  produces  useful  reports 
and  timely  alerts.  It’s  robust  and  reliable,  scales  well  and  is  easy  to  use  and 
deploy. 

Five  vendors  answered  our  call  to  submit  products  to  our  lab  for  evalua¬ 
tion.  We  received  antimalware  gateway  devices  from  McAfee  (WW 1900E 
Web  Gateway  V 6.8.6  appliance),  FaceTime  (Unified  Security  Gateway  V3.0 
appliance),  Symantec  (8450  Web  Gateway  4.5  appliance  and  8300  Mail 
Security  V7.5  appliance)  and  Websense  (Web  Security  Gateway  V10000 
appliance). 

Trend  Micro  sent  software  that  runs  on  servers  that  you  provide  — 
InterScan  Web  Security  Virtual  Appliance  5.0  and  InterScan  Messaging 
Security  Virtual  Appliance  7.0,  plus  a  central  console  reporting  module 
(Advanced  Reporting  and  Management  1.0). 

McAfee’s  Web  Gateway  appliance  wins  the  Clear  Choice  award,  but  the 
race  was  a  tight  one.  McAfee’s  appliance  thwarted  more  malware  —  with 
lower  latency  —  than  the  other  gateways.  The  other  products,  however, 
also  did  a  credible  job  of  keeping  malware  off  our  network. 

Blocking  malware 

It’s  clear  that  the  most  important  criterion  for  an  antimalware  gateway  is 
its  success  rate  at  blocking  malware.  McAfee  Web  Gateway  fared  best  in 
our  tests,  turning  aside  99%  of  the  malware  instances  we  threw  at  it. 

We  attacked  each  vendor’s  product  with  100  spyware,  adware,  Trojan 
and  rootkit  downloads.  These  malware  instances  included  older  classics 
such  as  CashBackBuddy,  Casino  Dialer,  SearchEssistant,  Searchforit, 
SearchMiracle.EliteBar  and  SearchSquire,  as  well  as  freshly  minted 
malware  such  as  Generic  Downloader.xlbrz,  Generic  Rootkit.dt.dr,  W32/ 
Akbot.gen.a,  Bredolab.gen.h,  FakeAlert-MaCatte,  Whitewell,  Opachki.a, 
Ransom-N  and  PWS-CuteMoon. 

Tied  for  second  with  a  96%  success  rate  are  the  FaceTime  Unified  Secu¬ 
rity  Gateway  and  the  two  Trend  Micro  products.  Symantec  Web  Gateway 
and  Mail  Security  and  the  Websense  Web  Security  Gateway  V10000 
managed  to  block  94%. 

Phish  phase 

When  we  tested  how  well  the  products  thwarted  phishing  attempts,  McA¬ 
fee’s  Web  Gateway  fared  best,  recognizing  and  foiling  90%  of  the  scams. 


We  fed  each  gateway  a  diet  of 500  selected  phish  accompanied  by  another 
500  non-phish  messages. 

We  composed  several  of  the  phishing  messages  ourselves,  embellishing 
the  text  and  obfuscating  both  the  syntax  and  spelling  in  order  to  sneak 
our  phish  around  the  net.  Accurate  recognition  of  good  vs.  bad  was  our 
criterion. 

The  Trend  Micro  InterScan  Web  Security  Virtual  Appliance  and  Inter¬ 
Scan  Messaging  Security  Virtual  Appliance  recognized  84%  of  the  phish¬ 
ing  attempts,  the  Symantec  Web  Gateway  and  Mail  Security  identified  76% 
and  the  Websense  Web  Security  Gateway  V10000  achieved  73%. 

The  FaceTime  appliance  we  tested  was  not  able  to  scan  for  phishes. 
However,  the  vendor  announced  recently  that  the  latest  version  of  its  Uni¬ 
fied  Security  Gateway  will  be  able  to  scan  for  phishing  attempts  when  the 
product  is  used  in  conjunction  with  a  Blue  Coat  proxy  device,  and  eventu¬ 
ally  ISA  and  Squid  proxies  as  well. 

Low  latency  leaders 

The  McAfee  Web  Gateway  exhibited  the  lowest  latency  —  28  ms  —  when 
we  downloaded  executable  files  through  these  antimalware  gateways.  The 
Facetime  Unified  Security  Gateway  gave  us  34  ms  latency,  the  Websense 
Web  Security  Gateway  VIOOOO’s  latency  was  36  ms  and  the  Trend  Micro 
InterScan  Web  Security  Virtual  Appliance  and  InterScan  Messaging  Secu¬ 
rity  Virtual  Appliance  achieved  48  ms  latency.  The  Symantec  Web  Gate¬ 
way  and  Mail  Security  devices  trailed  the  other  gateways  with  a  latency 
of  62  ms. 

Moving  into  the  cloud 

We  looked  at  the  extent  to  which  these  products  access  a  central  vendor 
Internet  site  with  malware  queries  (or  plan  to  in  the  future). 

Symantec’s  Mail  Security  appliance  uses  both  a  local  (onboard)  mal¬ 
ware  database  and  queries  to  a  cloud  database  maintained  at  Symantec. 
Its  Web  Gateway  uses  a  local  malware  database. 

Trend  Micro’s  approach  is  a  hybrid  of  local  (onboard)  scanning  and,  for 
executables  not  found  in  the  local  database,  queries  to  a  cloud  database  at 
Trend  Micro’s  central  site. 

McAfee  proactively  uses  “spider”  programs  that  traverse  the  Web  to 
examine  Web  pages’  active  (such  as  executable)  content  for  bad  behavior, 
and  McAfee  additionally  relies  on  TrustedSource’s  Web  reputation  tech¬ 
nologies  to  distribute  malware  database  updates  to  its  customers. 
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Websense  uses  a  multi-phased  approach 
that  consists  of  a  local  (onboard)  database 
and,  if  a  downloaded  executable  program 
isn’t  in  the  local  database,  a  Real  Time  Secu¬ 
rity  Scanning  engine  that  goes  beyond  sig¬ 
natures  to  statistically  profile  executables 
for  malicious  intent. 

FaceTime’s  appliance  contains  a  mal¬ 
ware  database  updated  by  both  Facetime 
and  Sophos,  from  which  Facetime  licenses 
its  database.  Facetime  indicated  that  it  is 
migrating  toward  a  hybrid  approach  com¬ 
bining  queries  of  a  local  malware  database 
and  a  cloud  database. 

These  vendors  update  their  products’ 
local  (onboard)  malware  databases  hourly 
or,  when  a  significant  threat  surfaces,  on 
demand. 

Coincidentally,  the  McAfee,  Facetime 
and  Websense  appliances  we  tested  were 
all  Dell  PowerEdge  1950  computers.  The 
Symantec  Mail  Security  device  was  also  a 
Dell  PowerEdge  1950,  while  the  Symantec 
Web  Gateway  was  a  Dell  R200  computer. 
All  were  1-U  rack-mountable. 

For  parity’s  sake,  we  installed  Trend 
Micro’s  software  also  on  Dell  PowerEdge 
1950s.  So  for  performance-measuring 
purposes,  all  the  products  except  for  the 
Symantec  Web  Gateway  8450  ran  on  essen¬ 
tially  the  same  hardware. 

Ease  of  use 

McAfee’s  Web  Gateway  (formerly  Secure 
Computing’s  Webwasher)  sports  an 
easy-to-use,  intuitive  browser-based 
interface  that’s  especially  responsive. 
Reports  are  quick  and  informative,  and 
the  Web  Gateway  dashboard  is  completely 
customizable. 

The  McAfee  Web  Gateway  installation 
was  the  slickest.  A  USB  memory  stick  con¬ 
taining  a  configuration  program  accom¬ 
panies  the  device.  Insert  the  memory  stick 
in  a  Windows  machine,  run  the  program, 
save  your  configuration,  move  the  memory 
stick  to  the  Web  Gateway  before  boot  time 
and  —  voila!  —  the  Web  Gateway  uses  the 
IP  address  and  other  configuration  data 
you’ve  specified. 

Websense’s  Web  Security  Gateway  has 
a  browser-based  interface  that  provides 
administrators  with  fingertip  control  over 
how  more  than  130  protocols  (such  as  IM 
and  P2P)  affect  applications  on  the  net¬ 
work.  It  comes  with  more  than  55  useful 
reports,  and  the  user  interface  displays  a 
thoughtfully  designed  dashboard. 

Trend  Micro  gave  us  consolidated  threat 
reporting  and  corporate  policy  manage¬ 
ment  across  our  network.  We  easily  var¬ 
ied  security  policies  by  network  segment, 
company  division  and  company  depart¬ 
ment.  We  particularly  liked  Trend  Micro’s 
unified  view  of  network  security  across  an 


entire  enterprise. 

You  install  Trend  Micro’s  software  on 
your  computers,  thus  giving  you  fine  con¬ 
trol  over  the  speed  and  capacity  of  your 
gateway.  Installation  is  a  snap. 

The  Symantec  Web  Gateway  (acquired 
from  MI5)  and  Mail  Security  (from  Bright- 
Mail)  devices  have  somewhat  disparate 
user  interfaces.  Both  are  browser-based. 
Web  Gateway  has  a  useful  executive  sum¬ 
mary  report  screen  that  tells  the  security 
threats  and  activity  levels  the  Web  Gate¬ 
way  is  experiencing.  Symantec  Web  Gate¬ 
way  additionally  produces  about  a  dozen 
reports  on  malware  activity.  These  show,  for 
example,  infections  classified  by  spyware 
name,  potential  attacks,  client  application 
usage  and  sorted  lists  of  your  network’s 
Web  destinations. 

Symantec  Mail  Security’s  browser-based 
interface  features  an  intuitive  dashboard, 
an  executive  summary  (quite  different  from 
the  Web  Gateway’s  summary),  reports  for 
monitoring  e-mail  activity  and  spam  levels 
and  even  a  compliance  summary  that  high¬ 
lights  potential  violations  of  corporate  poli¬ 
cies  regarding  message  content. 

The  Symantec  Web  Gateway  installs  via 
a  browser-based  wizard,  but  the  Symantec 
Mail  Security  appliance  installation  needs 
to  have  a  one-time  monitor  and  keyboard 
connected  for  initial  setup. 

The  Facetime  Unified  Security  Gateway 
appliance  has  a  Web-based  user  interface 
for  setting  configuration  options,  seeing 
real-time  status  and  viewing  reports.  The 
Unified  Security  Gateway  appliance  inter¬ 
face  is  intuitive  to  use  and  navigate.  The 
USG  status  screens  and  reports  are  com¬ 
prehensive  and  highly  informative. 

Installing  the  Websense  Web  Security 
Gateway  V10000  or  the  Facetime  Uni¬ 
fied  Security  Gateway  consists  of  cabling 
the  box  to  your  network,  powering  up  and 
assigning  an  IP  address  via  a  one-time 
monitor  and  keyboard  connection. 

All  these  products’  manuals  were  clear, 
comprehensive  and  easy  to  follow.  All  were 
online,  with  Symantec  also  providing  hard¬ 
copy  booklets  and  manuals. 

Conclusion 

McAfee’s  Web  Gateway  appliance  is  our 
Clear  Choice  winner.  It  does  an  excellent  job 
of  keeping  malware  (both  Web  site-based 
and  e-mail-borne)  at  bay,  is  responsive,  has 
an  intuitive,  customizable  user  interface 
and  scales  well.  The  other  four  products 
weren’t  far  behind  and  all  offer  effective 
protection  against  Web-based  attacks.  ■ 

Nance  runs  Network  Testing  Labs  and  is 
the  author  of  Introduction  to  Networking, 
4th  Edition  and  Network  Programming 
in  C.  His  e-mail  address  is  barryn@erols. 
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Sometimes  the  information  people  need  is  on  a  drive;  sometimes  it's  in  someone's  head.  Deploy  Microsoft®  Unified  Communications, 
SharePoint®  and  Forefront™  to  help  save  money  and  enable  your  people  to  stay  connected  across  the  globe  with  secure  access 
to  the  information  they  need.  Your  people  will  be  able  to  seamlessly  collaborate  when,  where  and  how  they  like,  allowing 
ideas  to  flow  safely  and  freely. 


To  learn  more  about  how  to  make  communication  and  collaboration  efficient,  more  secure  and  easier  to  manage, 
go  to  itseverybodysbusiness.com/improve 
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Complex  1 OG  Fiber  Cabling 


ICC's  HiPerlink  Fiber  ‘Plug  and  Play’  Solution 

In  today's  economy,  it  is  vital  to  look  for  cost-effective  ways  to 
deploy  reliable  network  systems  and  upgrades  quickly.  With 
ICC’s  pre-terminated  fiber  solutions,  simply  ‘plug  and 
play'  fiber  into  any  FTTx  network  architecture;  data 
centers,  network  backbone  or  straight  to  the 
workstation  and  still  save  money. 

~  M/ftp  Plug  and  Play 

Install  right  out  of  the  box  with  no  hassle. 

10  Gigabit  Performance 

Exceeds  IEEE  802.3,  IEC-60793-2- 1 0,  TIA/EIA  568-B.3  standards. 

Superior  Reliability 

Low  Insertion  Loss  of  <0.3dB  .. exceeds  the  industry's  average  0.75dB. 

Built-to-Order 

Cassetie-to-Cassette,  Cassette-to-Connectors,  Cassefte-to-  Workstation. 

Cost  40%  Less  Than  Big  Name  Brands 

ICC  is  a  single  source  for  all  fiber  components  without  the  high  markups. 


Cal!  888-ASK-4-ICC  extension  4000  and  ask  for  a  quote. 

Go  online  www.icc.com/nw 
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Company  Data  with  Spector  360  ,f, online 


1.877.288.5699 

Watchwith360.com 


Do  you  still 
believe  that 
Filters  work? 

IT  SECURITY  WARNING:  Internet  Filters  Cause  a  False 
Sense  of  Security  by  Failing  to  Monitor  and  Record 
EVERYTHING  Your  Employees  do  on  their  Desktop  PCs. 
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"Spector  360  is  the  most 
mature  surveillance  offering 
for  business  use." 


-  PC  Magazine  Editors' Choice 

September  2008 

Spector  360 


SpectorSoft 


Filtering  software  leaves  your  company's  health  at  risk  because  it  fails  to 
monitor  desktop  computer  activity.  Employees  can  bypass  content  filters, 
install  rogue  applications,  copy  confidential  information  or  worse...  and  it's 
all  undetected.  * 


Monitor  Your  Employees 


Spector  360  is  the  only  software  that  gives  you  the  ability  to 
monitor,  record,  archive  and  report  all  PC  and  Internet  activity. 

Nothing  Gets  Past  Spector  360 

Unlike  filtering,  Spector  360  captures  EVERYTHING 
your  employees  do:  web  site  visits,  file  transfers, 
emails,  chats,  IMs,  application  usage,  «.  ■ 

keystrokes  and  so  much  more.  Spector  360  '  - 

even  provides  screen  snapshots  of  employee 
PC  and  Internet  activity  that  give  undisputable 
proof  or  erase  all  doubt. 

Where  There's  Smoke,  There's  Fire 


Spector  360's  easy-to-read  and  intuitive  summary  reports 
quickly  identify  employees  conducting  high-risk  activity.  See  something 
suspicious?  Drill  down  for  a  detailed  employee-focused  investigation  that 
reveals  every  detail  of  their  PC  and  Internet  activity.  Spector  360  even 
sends  immediate  alerts  if  your  data  is  threatened. 


Ci  Copyright  2009  SpectorSoft  Corporation.  All  rights  reserved.  PC  Magazine  Editors'  Choice  Award  logo  is  a  trademark  of  Ziff  Davis  Publishing  Holdings  inc  Used  under  license. 
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Learn  how  to  roll  out  your  HD  data  center  with  a  FREE  copy  of  APC's  White  Paper  #72: 
"Five  Basic  Steps  for  Efficient  Space  Organization  within  High-Density  Enclosures." 

Visit  www.apc.com/promo  Key  Code  n581w  •  Call  888-289-APCC  x6126  •  Fax  401-788-2797 


by  Schneider  Electric 


©2009  Schneider  Electric,  All  Rights  Reserved.  Schneider  Electric,  APC,  Legendary  Reliability,  InfraStruxure,  and  NetShetter  are  owned  by  Schneider  Electric,  or  its  affiliated  companies 
in  the  United  States  and  other  countries,  e-mail:  esupport@apc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  •  998-2227 


Finally,  custom  data  center  capabilities 
without  all  the  customizing. 


High-density  readiness: 

Delivers  superior  cooling  for  blade 
servers  and  switches;  handles 


Any-IT  compatibility: 

Reduces  the  challenge  of 
often-incompatible  IT  products 


Only  APC  racks  and  rack  PDUs  deliver  maximum  flexibility. 

A  system  for  high-density  data  centers 

Today’s  data  centers  run  on  virtualization  and  high-density  processing.  To  keep  up, 
you  need  rack  enclosures  and  rack  PDUs  that  allow  you  to  adapt  easily  to  ever- 
changing  technologies.  Only  APC  by  Schneider  Electric  delivers  rack  enclosures 
and  rack  PDUs  that  are  purposely  designed  as  a  system  to  enable  integration  of 
HD  blade  servers  and  large  core  switches,  while  also  addressing  corresponding 
power,  cooling,  and  space  challenges. 


Easy-to-deploy  design  with  any-IT  compatibility 
Even  though  APC’s  NetShelter  SX  enclosure  and  rack  PDU  system  can 
accommodate  a  complex  IT  landscape,  choosing  and  deploying  the  correct  system 
couldn’t  be  simpler.  The  integrated  zero-U  rear  channels  provide  tool-less  mounting 
of  cable  managers  and  low-profile  rack  PDUs,  and  the  large-capacity  cable 
managers  allow  simple  routing  and  management  of  HD  networking  applications. 

Best  of  all,  the  scalable  system  works  seamlessly  with  any  IT  vendor’s  servers  and 
equipment  -  meaning  your  data  center  can  grow  and  adapt  easily,  no  matter  what 
changes  technology  brings. 

The  bridge  to  InfraStruxure 

APC’s  rack  enclosure/rack  PDU  system  is  the  bridge  to  our  complete  InfraStruxure 
data  center  architecture.  It’s  the  essential  first  step  toward  building  a  truly  flexible, 
efficient  data  center  founded  on  Legendary  Reliability. 


Deployment-friendly  design: 

Optimizes  space,  installation, , 
deployment  speed  via  standard  features 


Intelligent,  low-profile  rack  PDU: 

Enables  easy  equipment  access 
and  power  monitoring  and  control 
at  the  rack  level 


APC  Rack  PDU  Options: 

Which  APC  rack  PDU  option  is  right  for  you? 


Basic  PDU 

Puts  power  in  the 
rack  enclosure  near 
the  equipment  where 
it  is  needed  most 


Metered  PDU 

Ef  Measures  and 
monitors  potential 
overloads,  with 
alarm  warning 


Switched  PDU 

[7f  Allows  for  remote 
management  and 
control  of  individual 
outlets 
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TOG  Fiber  Multistrand  Cables 

Helps  save  time  during  installation 
MPO,  LC,  SC  and  other  connectivity  types 
-built  with  multiple  OFNR/OFNP  laser  optimized  cables 
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Clean  and  organized  installations  with  specific  lengths 
MPO.  LC,  SC  and  other  connectivity  types 
OFNR/OFNP  laser  optimized  cables 
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•Visit  Coblesys’s  website  for  detailed  shipping  information. 


Cablesys  will  blow  you  away  with  our 
wide  selections  and  superior  services! 
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★  0.2dB  or  less  Insertion  Loss 

★  Widest  selection  in  stock 

★  Live  Customer  Service 
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★  Competitive  prices 
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BACKSPIN  BY  MARK  GIBBS 


Keeping  us  safe  the  Sprint  way 


I  DON’T  THINK  anyone  rational  and  not  on 
medication  would  argue  that  the  majority  of  us 
don’t  want  to  have  to  defend  ourselves  against 
bad  guys.  That,  my  friends,  is  why  we  have  the  police  force,  the  military,  the 
FBI,  the  CIA  and  other  agencies  tasked  with  keeping  us  safe. 

And  there’s  no  doubt  that  the  job  of  keeping  us  safe  has  become  progres¬ 
sively  tougher  over  the  last  few  decades.  Not  only  are  there  more  of  us,  but 
we  have  become  a  more  mobile  society  and  we  also  communicate  more 
often  and  over  multiple  channels. 

This  means  that  finding  someone  “of  interest”  and  then  tracking  their 
whereabouts  has  become  more  difficult. 

To  address  the  challenges  of  a  more  mobile  and  connected  society,  it  is 
therefore  logical  that  we  should  look  to  the  various  technologies  that  got 
us  into  this  situation.  But  it  turns  out  that  there  are  some  aspects  of  using 
these  technologies  for  managing  public  order  that  we  just  won’t  accept. 

For  example,  to  enforce  the  speed  limits  few  of  us  obey  we  could  legislate 
to  have  transponders  installed  in  every  vehicle  so  speeding  could  be  easily 
detected  and  punished.  After  all,  driving  is  defined  as  a  social  privilege  and 
not  a  right.  So,  if  we  believe  and  agree  that  speed  kills  then  surely  we  would 
do  something  about  it.  No? 

Well,  actually,  the  answer  is  no,  we  don’t.  We  put  in  those  ridiculously 
expensive  cameras  at  intersections  to  trap  people  jumping  lights  and 
accept  that  as  necessary  for  public  order,  yet  monitoring  people’s  driving 
speeds  by  instrumenting  their  cars  or  the  highway  is  just  not  acceptable. 

But  what’s  interesting  is  that  most  citizens  are  against  this  kind  of  moni¬ 
toring  while,  at  the  same  time,  they  don’t  seem  to  care  about  other  more 
nefarious  monitors  that  are  used  to  watch  their  behavior  on  the  assump¬ 
tion  they  might  be  bad  guys. 


Consider,  for  example,  Sprint.  It  has  just  come  to  light  that  Sprint  Nextel 
cooperated  with  various  security  agencies  and  allowed  them  to  locate  cell 
phone  users  over  8  million  times  last  year. 

Apparently  Sprint  has  a  secret  self-service  Web  site  where  anyone  with 
an  authorized  account  can  enter  a  cell  number  and  get  information  on  the 
location  of  the  device.  Now,  this  wasn’t  8  million  customers  but  rather  8 
million  ‘pings’,  so  if  there  were,  say,  1,000  pings  per  enquiry  then  some¬ 
thing  like  8,000  customers  were  tracked. 

It  turns  out  that  the  previous  estimates  of  how  often  cell  phones  are  used 
to  track  individuals  was  wrong  by  a  couple  orders  of  magnitude. 

The  existence  of  this  service  was  revealed,  for  reasons  unknown,  by  a 
Sprint  manager,  Paul  Taylor,  in  October  at  the  non-public  Intelligent  Sup¬ 
port  Systems  conference  on  interception  and  wire  tapping.  Taylor  com¬ 
mented  that  “the  tool  has  just  really  caught  on  fire  with  law  enforcement.” 

What  should  really  concern  us  is  this  is  revelation  is  about  one  cell 
phone  company  and  it  is  likely  that  all  of  the  cell  phone  service  providers 
have  similar  solutions  in  place. 

Why  should  you  care?  Because  with  services  like  these  there’s  a  reflex¬ 
ive  drive  on  the  part  of  the  security  and  law  enforcement  agencies  to  over¬ 
reach  and  do  things  that  violate  people’s  rights.  Just  consider  the  warrant¬ 
less  wiretapping  that  is  still  going  on. 

There  is  a  fine  line  between  working  to  maintain  law  and  order  and 
over-reaching,  and  when  the  likes  of  Sprint  are  all  too  willing  to  cooperate 
and  make  surveillance  programs  really  easy  to  use  and  keeps  them  secret, 
we’re  obviously  moving  away  from  law  and  order  and  heading  towards  a 
controlled  and  monitored  society  that  none  of  us  should  want.  ■ 

Gibbs  is  located  in  Ventura,  Calif.  You  can  find  him  at  backspin@gibbs.com. 


NETBUZZ  BY  PAUL  McNAMARA 

Dragon's  holiday  gift  ad  won’t  win  over  parents 


LISTEN  UP,  KIDS:  Don’t  bother  learning  how  to 
type;  play  more  video  games  instead! 

That’s  the  cheery  message  from  the  makers 
of  Dragon  NaturallySpeaking  being  delivered  to  radio  listeners  in  Boston, 
Chicago,  Philadelphia,  Seattle  and  San  Francisco  this  holiday  season.  And 
a  full-throated  “bah,  humbug”  it  deserves. 

The  commercial  fails  on  a  number  of  fronts:  inflated  claims,  gender  ste¬ 
reotyping,  a  misreading  of  its  target  audience,  and  annoying  me. 

Here’s  how  the  ad  plays  out:  Mom  and  Clueless  Dad  are  in  a  car  talking 
about  holiday  presents  for  the  “six  students”  —  two  kids  and  four  cousins  — 
“on  our  family  gift  list.”  Clueless  Dad  asks  Mom  what  she  has  in  mind. 

Mom:  “Since  they  all  tell  us  how  much  homework  they  have,  we  can  get 
them  all  Dragon  NaturallySpeaking  speech-recognition  software.  They 
can  use  Dragon  for  book  reports,  essays,  doing  research  on  the  Web:  they 
won’t  ever  have  to  type  again.” 

Never  type  again?  That’s  when  I  swore  at  the  radio.  I  understand  that 
speech-recognition  software  has  improved  over  the  years,  but  don’t  tell 
me  —  or  my  kids  —  that  there  will  be  no  need  for  typing  any  time  soon.  Not 
buying.  And  their  aunts  and  uncles  had  better  not  be  buying  either. 

Clueless  Dad:  “Wait?  They  talk  and  their  computer  types  for  them?” 

That’s  right,  Clueless  Dad,  they  talk  and  their  computer  types.  Clueless 
Dad  —  old  reliable  for  advertising  writers  everywhere  —  will  be  around 
even  longer  than  the  need  for  typing  skills. 

Mom:  “Yeah,  do  you  think  they’ll  like  Dragon?” 

We  just  finished  establishing  that  Clueless  Dad  has  never  even  heard  of 
this  technological  marvel  called  speech-to-text  software,  yet  Mom  heart¬ 
lessly  presses  him  for  validation  of  her  plan,  which  —  let’s  be  honest  —  will 
go  over  like  a  new  pair  of  socks  with  most  young  people?  Not  fair,  Mom,  let 


Clueless  Dad  concentrate  on  the  road. 

Clueless  Dad,  winging  it  anyway:  “A  gift  that  will  get  schoolwork  done 
faster  and  get  them  back  to  video  games  sooner?  (chuckle)  They’ll  love  it. 
They’ll  love  you.” 

In  other  words,  win  your  child’s  heart  by  giving  the  gift  of  more  Wii 
time. 

Not  only  is  that  lousy  parenting  advice,  it’s  a  silly  sales  pitch.  This  soft¬ 
ware  is  being  marketed  and  sold  to  parents,  not  children  (hear  any  kids 
clamoring?).  And  in  how  many  households  is  carving  out  more  time  for 
video  games  a  goal ...  of  the  grownups? 

By  the  way,  Dragon  costs  at  least  $100  per  copy,  which  means  Mom  and 
Clueless  Dad  are  talking  about  a  $600-plus  investment.  And  who  can 
afford  to  spend  that  kind  of  scratch  on  nieces  and  nephews  these  days? 

So  Happy  Holidays  Mom,  Clueless  Dad  and  the  marketers  responsible 
for  bringing  both  of  you  to  my  radio.  Enjoy  your  lumps  of  coal. 

Check  every  day? 

Speaking  of  holiday  shopping,  we  are  being  inundated  as  usual  with  offers 
of  “expert  advice”  for  us  to  pass  along  to  readers  so  they  may  better  protect 
themselves  against  identity  theft.  Here’s  a  beauty  offered  by  Identity  Theft 
911:  “Check  your  bank  and  credit  card  statements  and  accounts  every  day 
to  make  sure  each  transaction  is  yours.” 

This  strikes  me  as  blowing  by  excessive  and  diving  headlong  into  the 
paranoia  pool.  I  mean,  if  you’re  checking  all  of  your  accounts  every  day,  I 
would  suggest  that  the  prospect  of  identity  theft  ranks  below  the  likelihood 
of  Obsessive  Compulsive  Disorder  on  your  list  of  problems.  ■ 

Write  to  me  every  day  if  you  so  please.  The  address  is  buzz@nww.com. 
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Three  Platforms. 

One  Provider. 

Complete  Privileged  Access  Control. 


Introducing  the  new  BeyondTrust. 

A  security  strategy  is  only  effective  if  it  grows  with  your  company.  As  enterprises  deploy  more  Linux®, 
UNIX®,  and  Windows®  in  heterogeneous  IT  environments,  managing  sensitive  data  in  these  multi-platform 
infrastructures  can  be  difficult,  complex,  and  costly. 


Meet  the  new  BeyondTrust,  a  leading  provider  of  Privileged  Access  Lifecycle  Management  solutions  for 
heterogeneous  environments.  Our  leading  products  protect  sensitive  and  confidential  data  through  an 
effective  combination  of  privilege  delegation,  strict  user  access  control,  privileged  password  management, 
and  secure  audit  trails.  With  solutions  that  prevent  data  breaches  and  achieve  regulatory  compliance, 
hundreds  of  Forbes  2000  companies  rely  on  us  to  maximize  their  security  while  reducing  complexity 
and  administrative  costs. 


Try  it  free  for  30  days  at  www.beyondtrust.com/nw 

When  it  comes  to  managing  risk,  we  have  the  key. 


Q  beyondtrust 

Control  Access.  Control  Risk. 


Copyright©  2009  BeyondTrust  Software  International,  Inc.  All  rights  reserved.  BeyondTrust  is  a  trademark 
of  BeyondTrust  Software  International,  Inc.  UNIX  is  a  registered  trademark  of  The  Open  Group. 

Linux  is  a  registered  trademark  of  Linus  Torvalds.  Windows  is  a  registered  trademark  of  Microsoft  Corporation. 
All  trademarks  are  registered  in  the  United  States  and/or  other  countries. 


1-800-234-9072 


*  <gj  NEC  Corporation  2009.  NEC  and  the  NEC  logo  are  registered  trademarks  of  NEC  Corporation.  Empowered  by  Innovation  is  a  trademark  of  NEC 
4  Corporation.  Microsoft  *'  and  SQL  Server''  are  registered  trademarks  of  Microsoft  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries 
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NEC  GIVES  RMS  WHAT  IT 
NEEDS  -  VIRTUALIZATION 
FOR  REAL  RESULTS. 

Revenue  Management  Solutions  (RMS)  runs  one  of  the 
largest  Microsoft®  SQL  Server”  databases  in  the  world. 
Their  global  econometrics  consultancy  includes  some  of 
the  world's  largest  restaurant  and  retail  chains.  To 
handle  the  tremendous  volume  of  data  required  to 
discover  profit  insights  and  provide  pricing  guidance 
for  their  clients,  they've  adopted  virtualization  solutions 
from  NEC.  Says  John  Oakes,  "The  reliability  of  NEC's 
technology  lets  RMS  focus  on  growing  our  business." 
At  RMS,  virtualization  is  good  econometrics. 


Learn  how  NEC  can  partner  with  your 
company  at  www.nec.com/cases/rms 


Empowered  by  Innovation 


